This dumb password rule is from BDO.

Please nominate a password which contains UPPERCASE, lowercase, numbers and symbols.
Password should not be the same as the user ID.
Avoid using consecutive characters such (ex. abc, DEF, 678) and invalid characters such as [!#$%^&';"].

https://dumbpasswordrules.com/sites/bdo/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Saturn.

Passwords need to be between 8 and 15 characters.

https://dumbpasswordrules.com/sites/saturn/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

everyone calm down, the enormous #NPM supply chain attack of the incredibly popular (27,000 #github stars) #nx #AI build tool thingamajig is probably aimed solely at crypto bros. if you don't have any crypto you (hopefully) don't have anything to worry about.

my fact free, completely unsupported by evidence hunch is that we will find this came from #NorthKorea (because if it's a well orchestrated attempt to steal a bunch of crypto it's pretty much always north korea).

https://universeodon.com/@cryptadamist/115102035321832152

#crypto #cryptocurrency #ethereum #npm #nodejs #node #js #javascript #webdev #DPRK #LazarusGroup #cybersecurity #infosec #threatintel #claude #gemini

This dumb password rule is from Sky Ticket.

Sky is a german pay-TV provider with over 23 million subscribed users worldwide. They also have an online streaming service called "Sky Ticket".

You can only set a **4 digit long PIN** with no option for two-factor authentication or any additional security mechanisms.

https://dumbpasswordrules.com/sites/sky-ticket/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

What's an open-source tool you literally can't live without?
Drop it below. 👇

Remember to boost 🔁 so we get more hidden gems. 🧵🔥

#Linux #Arch #LinuxMint #Fedora #Debian #Ubuntu #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #Tech #Technology #Apple #OS #iOS #MacOS #OperatingSystem

This dumb password rule is from BCV.

Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.

Password can only be changed from the mobile application:

https://dumbpasswordrules.com/sites/bcv/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Wells Fargo.

Your password must be between 8-32 characters long and inexplicably doesn't accept `-` but does seemingly accept other special characters.

https://dumbpasswordrules.com/sites/wells-fargo/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The Attention Spotlight lights; and, having lit,
Moves on: nor all thy Posting nor Wit
Shall lure it back to patch half the Systems;
Nor all thy Tears fix a Root Cause of it.

#cybersecurity

(with apologies to Omar Khayyám)

This dumb password rule is from Moose Mobile.

Moose mobile is an Australian mobile service provider that imposes poor password requirements.
"The password must be of minimum 4 and maximum 15 characters. The Confirm Password field may only contain alpha-numeric characters."

https://dumbpasswordrules.com/sites/moose-mobile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

"Last week, Russia announced it will require that all new phones and tablets sold within its borders pre-install a messaging app called Max. Security experts who did technical analyses of Max’s software for Forbes said it’s a privacy nightmare.

While Russia’s interior ministry has claimed the app, made by Russian social media giant VK, is more secure than competitors, a cybersecurity researcher found that Max constantly monitored all user activity on the app with“excessive tracking.” The researcher, who completed the analysis with phone forensics tool Corellium, asked to remain anonymous for fear of reprisals by Russian intelligence agencies.

“This app just gathers all the data and logs it. I don’t remember seeing that in any messenger app,” they said. “Max is not secure at all. There is no cryptography, unless it’s hidden very well, but I doubt that. It is insecure by design to serve its purpose: people surveillance.”

Max was launched in March, and appears to be limited to Russian and Belarussian phone numbers. Functionally it works similar to messaging apps like Telegram and Whatsapp, but it also has an AI chatbot called GigaChat 2.0 and the ability to book travel and make bank transfers."

https://www.forbes.com/sites/thomasbrewster/2025/08/26/kremlin-whatsapp-rival-is-designed-to-spy-on-users/

#Russia #CyberSecurity #Messaging #Privacy #LocationTracking #Spyware #Surveillance

This dumb password rule is from Jitterbit.

While not the dumbest password rule, still dumb.

Password must have a length of at least eight characters and contain
at least one: number, special char `!#$%-_=+<>`, capital letter,
and lowercase letter.

https://dumbpasswordrules.com/sites/jitterbit/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Security researchers from Palo Alto Networks' Unit 42 have discovered the key to getting large language model (LLM) chatbots to ignore their guardrails, and it's quite simple.

You just have to ensure that your prompt uses terrible grammar and is one massive run-on sentence like this one which includes all the information before any full stop which would give the guardrails a chance to kick in before the jailbreak can take effect and guide the model into providing a "toxic" or otherwise verboten response the developers had hoped would be filtered out.

https://www.theregister.com/2025/08/26/breaking_llms_for_fun/

#cybersecurity #AI

This dumb password rule is from Mindware.

You "*may use special characters*", but only some of them - and we won't
necessarily tell you which ones.

https://dumbpasswordrules.com/sites/mindware/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Banca Intesa Serbia.

Online banking portal of Banca Intesa Serbia has some password restrictions.
This is the translation of the requirements:

No special characters, minimum number of characters is 8, maximum number of
characters is 22, minimum number of upper case letters is 1, lower case also 1,
numeric characters...

https://dumbpasswordrules.com/sites/banca-intesa-serbia/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🆕 blog! “Security Flaws in the WebMonetization Site”

I've written before about the nascent WebMonetization Standard. It is a proposal which allows websites to ask users for passive payments when they visit. A visitor to this site could, if this standard is widely adopted, opt to send me cash for my very fine blog…

👀 Read more: https://shkspr.mobi/blog/2025/08/security-flaws-in-the-webmonetization-site/
⸻
#BugBounty #CyberSecurity #ResponsibleDisclosure #WebMonetization #xss

This dumb password rule is from Replit.

Forces to use minimum 8 characters in the password and it must contain at least one uppercase.

https://dumbpasswordrules.com/sites/replit/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I'm not sure what's worse: If German American Bank is actually promoting three different look-alike domains and thinks that's good for security or if one or two or more of these are fake and German American Bank hasn't noticed and gotten them taken down yet.

It's like they are training their customers: "If it has German American anywhere in the name and the graphics look the same, assume it's safe!" 🤦‍♂️

#infosec #security #CyberSecurity #phishing

Alt...

Screenshot of search results where germanamerican.com germanamericanonline.com and germanamericabchome.com all appear to be German American Bank.

This dumb password rule is from Bouygues Telecom.

- Password cannot be more than 20 characters long
- Password can't contain special chars other than ASCII ones (for a French website this sucks as é, à, ç and so on are rejected...)

https://dumbpasswordrules.com/sites/bouygues-telecom/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Puh endlich ist unsere große Wechselrichter-Geschichte erschienen. Sie ist voller Sicherheitslücken und anderer Angriffspunkte und mir ist mit jedem Interview und jeder Analyse klar geworden: es sieht nicht gut aus. 80 Prozent der Technik auch in privaten Solaranlagen stammt aus China und kann von dort fern gesteuert werden. Und es gibt Sicherheitslücken noch und nöcher.
(Paywall; freier Link folgt für Follower:innen im Thread)
https://www.zeit.de/digital/2025-08/sicherheit-solaranlagen-wechselrichter-angriff-hacker
#cybersecurity #solar #photovoltaik

Every network is standards and regulatory compliant until it gets punched in the face.
#cybersecurity #security

https://www.philvenables.com/post/everyone-has-a-plan-until-they-get-punched-in-the-face

This dumb password rule is from ING a dutch bank in almost 50 countries.

Max 20 characters, must have one number, one upper case character and one lower case character.
You can only use certain special characters.
When i asked about it they answer that it's really hard to change it.
When i asked if the password is saved as a hash or just plain they send the answer to ...

https://dumbpasswordrules.com/sites/ing-a-dutch-bank-in-almost-50-countries/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Ancestry.

Password:
- Must be at least 8 characters long
- Must contain at least 1 number
- Must contain at least 1 letter or special character
- Must not be a well known or common password

https://dumbpasswordrules.com/sites/ancestry/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I’m an AI skeptic because I’ve been involved in AI dev longer than a lot of you have been alive. I was obsessed with it before most people used internet regularly. And I know what a dangerous illusion it can be. #ai #cybersecurity

This dumb password rule is from La Banque Postale.

Password must be 6 digits and entered on custom pad.

https://dumbpasswordrules.com/sites/la-banque-postale/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Runescape.

A minimum password length of 5, and maximum password length of 20.

Does not tell you that your password is NOT case sensitive.

Hidden requirements: Alphanumeric only, no symbols, no repeated characters.

https://dumbpasswordrules.com/sites/runescape/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from myezyaccess.com patient portal system.

12-character maximum password length. This is not a single website but a patient portal system used by hundreds of medical facilities via subdomains, with password policy apparently being consistent for all sites.

https://dumbpasswordrules.com/sites/myezyaccess-com-patient-portal-system/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from LepidaID.

Password must:
- be 8 to 16 characters in length
- contain at least 1 upper-case character
- contain at least 1 lower-case character
- contain at least 1 number
- contain at least 1 non-alphanumeric character
- not contain more than 2 of the same consecutive characters
- not contain any public da...

https://dumbpasswordrules.com/sites/lepidaid/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Costco.com.

Due to Costco's short max password length of 16 characters, I strongly recommend using a password manager to make a random password to satisfy all of these conditions below:
* Use between 8 and 16 characters
* Include at least one lowercase (a-z) and one uppercase letter (A-Z)
* Include at least ...

https://dumbpasswordrules.com/sites/costco-com/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from College Board.

Password must be 9-30 characters with at least one upper case letter, one lower case letter, one number and one special character (no spaces) and be different than your username.

https://dumbpasswordrules.com/sites/college-board/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@timkmak another case of Trump's policy changes having a meaningful impact I see. Really paid off to gut those cybersecurity efforts focusing on russia

#russia #cybersecurity

This dumb password rule is from EON.

By the time I'd finished reading the rules I've forgotten all of them.

https://dumbpasswordrules.com/sites/eon/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

📊 Poll of the Day
Past polls got great engagement — let’s go even bigger this time! 🚀

This is Mastodon, so we know the audience is a bit more techie... let’s see how that reflects in the results! 👀

Which OS are you using right now? 💻
(Feel free to reply with why you use it too 👇)

Vote + Boost 🔁 = ❤️

#Linux #Arch #LinuxMint #Fedora #Debian #Ubuntu #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #Tech #Technology #Apple #OS #iOS #MacOS #OperatingSystem

Apple: spaceship 🛸
Microsoft: glass tower 🏢
Linux: basement... still runs the internet 🐧😎

Root access > real estate.

Pic source: https://www.reddit.com/r/linuxmemes/comments/1mrtah8/stay_real/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button

📸👇

#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS #Meme #TechMeme

Alt...

Three images showing the headquarters of major operating systems. The top left shows Apple's massive circular "spaceship" HQ labeled "iOS". Top right shows Microsoft's sleek modern building labeled "Windows". Bottom image shows a man standing in a modest home office setup, labeled "Linux", humorously suggesting Linux has no official headquarters.

The Record: Feds charge alleged administrator of ‘sophisticated’ Rapper Bot botnet https://therecord.media/feds-charge-botnet-admin @therecord_media

KrebsonSecurity: Oregon Man Charged in ‘Rapper Bot’ DDoS Service https://krebsonsecurity.com/2025/08/oregon-man-charged-in-rapper-bot-ddos-service/ @briankrebs

DoJ, from yesterday: http://justice.gov/usao-ak/pr/oregon-man-charged-administering-rapper-bot-ddos-hire-botnet #cybersecurity #infosec

This dumb password rule is from AOK (German Health Insurance).

This is the online customer portal of the German health insurance company AOK. They have an extensive set of rules for both passwords and usernames.
The password rules are:
- Length between 8 and 14 characters
- At least one letter, one number and one special character
- Special characters are: !...

https://dumbpasswordrules.com/sites/aok-german-health-insurance/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

TrendMicro has published an analysis of Warlock, the ransomware group that most likely was behind the attack on Colt.

https://www.trendmicro.com/en_us/research/25/h/warlock-ransomware.html

@GossiTheDog @campuscodi
#ThreatIntel #Cybersecurity #Infosec

VPNs are vital for online safety, but they're now in the firing line.

People have turned to them to protect their privacy, rather than splurge their data to unregulated age verification providers following the UK Online Safety Act.

But they have an important role to guard against predators online.

ORG's @JamesBaker explains why we must resist moves to age-gate this tech ⬇️

https://peertube.openrightsgroup.org/w/dmtYyFMktAE4hhdZWYSzH9

#OnlineSafetyAct #onlinesafety #VPN #ukpolitics #ukpol #cybersecurity #privacy

"While the UK may have dropped its demands for Apple to backdoor all of its users across the globe, UK users may still be banned from benefiting from [Advanced Data Protection] encryption."

"And if Apple does restore ADP to UK users, there will be serious questions of trust."

🗣️ ORG's @jim.

https://news.sky.com/story/uk-drops-apple-encryption-demands-says-us-spy-chief-13414482

#apple #encryption #e2ee #privacy #cybersecurity #security #ukpolitics #ukpol

This dumb password rule is from NordVPN.

- Password cannot be longer than 48 characters.

https://dumbpasswordrules.com/sites/nordvpn/

#password #passwords #infosec #cybersecurity #dumbpasswordrules