cablespaghetti.dev is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
This dumb password rule is from MKB NetBankár.
It only accepts lowercase letters, uppercase letters and numbers (any
other character counts as forbidden character).
Also, if your password contains any invalid character, it will get
marked as "Identical to the former 10 passwords".
To make it more fun, during the registration, it allows to se...
https://dumbpasswordrules.com/sites/mkb-netbankar/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Others have already shared this, but I want to share it separately. #AI is not creating undetectable, advanced #malware. It’s just not happening.
Thanks to @dangoodin for a great article.
This dumb password rule is from MarketWatch.
- Cannot be longer than 15 characters.
- Must contain one number.
- Cannot contain spaces, %, & or +.
https://dumbpasswordrules.com/sites/marketwatch/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I finally did it.
I unfollowed #cybersecurity. It had become terminally LinkedInified here. Absolutely nothing of substance was being shared.
This dumb password rule is from Virgin Trains.
Your password needs to be between 8 and 10 characters long. Previously
this would silently truncate the password without warning, causing
confusion when the password wouldn't work.
https://dumbpasswordrules.com/sites/virgin-trains/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Seems important — why could that be? 🤔
"China bans foreign AI chips from state-funded data centers"
https://tribune.com.pk/story/2576102/china-bans-foreign-ai-chips-from-state-funded-data-centers
#NationalSecurity #cybersecurity #geopolitics #China
This dumb password rule is from European Union Intellectual Property Office.
- The password must be between 8 and 30 characters, containing at least a digit [0-9], a lower case letter [a-z], an upper case letter [A-Z] and one of [!@#$%&*,.] characters
https://dumbpasswordrules.com/sites/european-union-intellectual-property-office/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Lloyds Bank.
Max 15 characters, min 8. You cannot use **ANY** special characters -
alpha-numerics only. This amazingly terrible password policy combines
with a known phrase (The "Memorable Information") of which you will be
asked for a random 3 characters of if you get your password right.
This phrase has sim...
https://dumbpasswordrules.com/sites/lloyds-bank/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Dell.
Okay at least 6, that's alright I guess.
Oh at least one number and one letter, bit dumb but hey not that dumb.
But hiding the fact that it has a max of 20, now THAT is dumb!
https://dumbpasswordrules.com/sites/dell/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Sky Ticket.
Sky is a German pay-TV provider with over 23 million subscribed users worldwide. They also have an online streaming service called "Sky Ticket".
You can only set a **4 digit long PIN** with no option for two-factor authentication or any additional security mechanisms.
https://dumbpasswordrules.com/sites/sky-ticket/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Vélib’ Métropole.
Your password must be at least 10 characters, with at least 1 uppercase character, 1 lowercase character, 1 number and 1 special character (only from this list: @, $, €, #, %, *, ., ;, !, ?).
You're not allowed to paste passwords.
https://dumbpasswordrules.com/sites/velib-metropole/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
I warn you - this will physically hurt to read:
> How did the experts succeed in their intrusion? Mainly by the weakness of certain passwords that Anssi politely describes as “trivial”: type “LOUVRE” to access a server managing the video surveillance of the museum, or “THALES” to access one of the software published by... Thales.
This dumb password rule is from Discovery Benefits.
Requires at least one symbol, but must be one of `! @ # $ % & * ?`, and also
has an unstated max length of 20 characters.
https://dumbpasswordrules.com/sites/discovery-benefits/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Replit.
Forces to use minimum 8 characters in the password and it must contain at least one uppercase.
https://dumbpasswordrules.com/sites/replit/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Taiwan Pingtung University.
Password must:
- Be between 8 ~ 15 characters long.
- Exceeding 15 will result in an account lockout instead of
erroring on submit. Otherwise, the max character
length should be 20.
- Contains at least 1 number character
- Contains at least 1 lowercase character
- Contains at least 1 uppercase ...
https://dumbpasswordrules.com/sites/taiwan-pingtung-university/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from WeatherBug.
Maximum 16 characters.
https://dumbpasswordrules.com/sites/weatherbug/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Several months ago, I found a #vulnerability from #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776).
Any account that has a password that results in a hash that matches `^0+[Ee][0-9]+$` can be logged in with a password that matches that regex as well. For example, password `comito5` can be used to log in to the affected accounts and thus gain unauthorised access.
The root cause of this bug is the incorrect use of `==` to match the password hash:
`if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password )`
The fix is to use `===` for the comparison.
This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability. https://mantisbt.org/download.php
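The loose-comparison flaw described in the MantisBT post above, shown beside the strict comparison, as an added example that is not part of the original post and is not MantisBT code. The function names, the audit helper and all hash strings are hypothetical, constructed placeholders; `hash_equals()` is a PHP built-in shown as a further type-safe option next to the `===` fix the post names.

```php
<?php
// Added example; constructed values only, not MantisBT code or real password hashes.
const MAGIC_PATTERN = '/^0+[Ee][0-9]+$/';   // regex quoted in the post

// Placeholder digests: two different strings that PHP both reads as the float 0.0.
$stored   = '0e111111111111111111111111111111';  // hash stored for the account
$computed = '0e222222222222222222222222222222';  // hash of a different password

function check_loose(string $computed, string $stored): bool
{
    // Vulnerable pattern: two numeric strings are compared as numbers, so
    // "0e..." and "0e..." are equal even though the bytes differ.
    return $computed == $stored;
}

function check_strict(string $computed, string $stored): bool
{
    // The fix named in the post: same type and same bytes required.
    return $computed === $stored;
}

function check_constant_time(string $computed, string $stored): bool
{
    // Byte-wise string comparison that also runs in constant time.
    return hash_equals($stored, $computed);
}

// Hypothetical audit helper: list accounts whose stored hash has the risky
// shape, so their passwords can be reset after upgrading.
function accounts_at_risk(array $hashes_by_user): array
{
    return array_keys(array_filter(
        $hashes_by_user,
        fn(string $h): bool => preg_match(MAGIC_PATTERN, $h) === 1
    ));
}

var_dump(check_loose($computed, $stored));         // loose: mismatch goes unnoticed
var_dump(check_strict($computed, $stored));        // strict: mismatch is rejected
var_dump(check_constant_time($computed, $stored)); // constant-time: rejected as well

// Constructed sample of username => stored hash.
$sample = [
    'alice' => $stored,
    'bob'   => 'a3f1c29e7b5d4086912fe0c4d7b8a6e5',
    'carol' => '00E99999999999999999999999999999',
];
print_r(accounts_at_risk($sample));
```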
This dumb password rule is from CENLAR.
Your password can meet all the requirements in the list and still be invalid due to
an unspecified rule: any "special characters" that are not listed in the help text
are not allowed. Worse, it provides no useful feedback other than the "New Password"
field is red.
https://dumbpasswordrules.com/sites/cenlar/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
https://cybersecuritynews.com/phantomraven-attack-involves-126-malicious-npm-packages/
#NodeJS and especially the library repository #NPM is really becoming the PHP security problem of 2025.
Another breach of libraries hosted on npm, this time 126 malicious npm packages that have collectively accumulated over 86000 downloads are affected.
This dumb password rule is from UL Standards.
- Passwords must be between 8 and 12 characters
- Passwords cannot contain any blank spaces
- Passwords must contain at least one number, one uppercase letter, and one lowercase letter.
- Password Reset will randomly fail for no reason.
https://dumbpasswordrules.com/sites/ul-standards/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Why the heck is there a call to bash and install dependencies / npm install embedded in the FAA's TFR pages? (Updated: amused to learn, informally, there's already a ticket filed against this one at the FAA).
view-source:https://tfr.faa.gov/tfr3/?page=detail_5_9106
This dumb password rule is from Electronic Arts (EA).
Your password must be 8 - 16 characters, and include at least one lowercase letter, one uppercase letter, and a number.
https://dumbpasswordrules.com/sites/electronic-arts-ea/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Keimyung University.
Okay, doesn't look that hard... But wait, there are hidden rules!
Hidden rules: your password can't have 3 times the same character in a row or more than 2 consecutive numbers.
Also if your password is 20 characters or more you won't be able to write it in the mobile app.
https://dumbpasswordrules.com/sites/keimyung-university/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from El Corte Ingles.
Min 6 and max 8 characters for password! Can't contain anything
different than letters and numbers. Apart, the email address must have
at least 8 characters (sorry million dollar domain owners! :D)
https://dumbpasswordrules.com/sites/el-corte-ingles/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Aetna Health Insurance.
- Password cannot be longer than 20 characters
- Password cannot have spaces and more 2 characters repeated in a row
- Password cannot have user's first name, last name or username
https://dumbpasswordrules.com/sites/aetna-health-insurance/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from A1 Mobile Serbia.
A1 mobile Serbia is a mobile provider in Serbia that imposes poor password rules.
Translation: "Length of the password must be between 8 and 20 characters and can only have letters and digits."
https://dumbpasswordrules.com/sites/a1-mobile-serbia/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from CenturyLink.
So many bad ideas: a low maximum length, requiring six specific character types while not accepting common symbols,
plus a weird restriction that makes random generation harder.
https://dumbpasswordrules.com/sites/centurylink/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from NBC (National Bank of Canada).
- Password length must be 8 to 25 characters
- Password must contain at least one lower letter (any position)
- Password must contain at least one digit (any position)
- Password cannot contain spaces.
- Copy/paste is not allowed when trying to set a new password
https://dumbpasswordrules.com/sites/nbc-national-bank-of-canada/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Comcast.
Your password should be difficult to guess as long as it's not over 16
characters long.
https://dumbpasswordrules.com/sites/comcast/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Air Miles.
- Exactly 4 numbers.
https://dumbpasswordrules.com/sites/air-miles/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
As a cybersecurity professional from where do you hail? I'm trying to understand the community around here.
My "feeling" is that there are quite a few Americans around here, but I would like to better understand the diaspora.
I know this is not the most intelligent of polls but as a start mkay? Boost if you don't mind :)
| United States: | 63 |
| Europe: | 104 |
| Other: | 34 |
This dumb password rule is from Roll 20.
Your new password must be at least 4 characters long and no longer than 40 characters. Your password was not changed.
https://dumbpasswordrules.com/sites/roll-20/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
🔒 Signal users beware! Phishing messages posing as “Security Support ChatBot” are targeting accounts, urging users to share verification codes. Don’t fall for it—Signal never asks for codes via chat. Always verify contacts & report suspicious requests. #CyberSecurity #PhishingAlert
👉 https://cyberinsider.com/signal-users-targeted-by-fake-support-messages-for-account-hijacks/ #newz
This dumb password rule is from Sears.
"cAsE sensitive, no spaces, ! or ?
8 characters min - 1 letter, 1 number
Can't repeat same character more than 3 times in a row
Cannot be or contain your username or email address"
https://dumbpasswordrules.com/sites/sears/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Sprint.
Sprint "upgraded" their security and disallow special characters.
https://dumbpasswordrules.com/sites/sprint/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from La Banque Postale.
Password must be 6 digits and entered on custom pad.
https://dumbpasswordrules.com/sites/la-banque-postale/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Premera Blue Cross.
Password must contain 8-30 characters, including one letter and one number.
"Special characters allowed" seems to mean a very small handful of choices you can only find through trial and error `-_'.@`
https://dumbpasswordrules.com/sites/premera-blue-cross/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
Any #CyberSecurity folks interested in this?
https://www.eventbrite.com/e/bsides-pyongyang-tickets-1859223941859
This dumb password rule is from Scandinavian Airlines.
The password rules themselves are fine, but it doesn't inform about the max length of the password.
Their max length is 14 characters, so even if you enter a password of 42 chars, you can login with the first 14 of it.
In this case, I changed my password to **Super_l0ng_password_that_fits_all_criteri...
https://dumbpasswordrules.com/sites/scandinavian-airlines/
#password #passwords #infosec #cybersecurity #dumbpasswordrules
This dumb password rule is from Merrill Lynch.
Passwords must be between 8 and 20 characters, and some special characters are allowed. Users with randomly-generated passwords may find it particularly annoying to generate a password that works for their password safe.
https://dumbpasswordrules.com/sites/merrill-lynch/
#password #passwords #infosec #cybersecurity #dumbpasswordrules