This dumb password rule is from ADP.

Forced to change the password during the first login. At least they
could use proper grammar in their rule list.

https://dumbpasswordrules.com/sites/adp/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Blue Cross Blue Shield Massachusetts.

16 maximum and no special characters. Protecting your US healthcare
information.

https://dumbpasswordrules.com/sites/blue-cross-blue-shield-massachusetts/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from United States Postal Service.

Pick from an arbitrary list of symbols, and no repeating characters.

https://dumbpasswordrules.com/sites/united-states-postal-service/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Global Entry.

"Our duties are wide-ranging, and our goal is clear - keeping America
safe."

https://dumbpasswordrules.com/sites/global-entry/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

🚨 Mozilla warns Firefox add-on developers of ongoing phishing attacks aiming to steal accounts & inject malware into popular extensions! Over 40 malicious extensions impersonate crypto wallets to steal assets. Stay vigilant & verify emails carefully! 🔐🕵️‍♂️ #CyberSecurity #Firefox #Phishing #Crypto https://www.techradar.com/pro/security/watch-out-those-firefox-add-ons-could-be-a-real-threat-to-your-entire-system-mozilla-warns
#newz

This dumb password rule is from Synchrony Financial.

Financial services - where we don't allow you to create the strongest
password possible.

https://dumbpasswordrules.com/sites/synchrony-financial/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Trenord.

- Password must consist of 8-16 characters
- Must contain 3 out of 4 of the following: lowercase characters, uppercase character, digits (0-9), and one or more of the following symbols: @#$%^&*-_+=[]{}|\:',?/`~“();.

https://dumbpasswordrules.com/sites/trenord/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from MobileIron MDM.

You can't make this up - no dictionary words, no more than 2 repeating
characters, no alphabetic sequences, no whitespace, 3 character sets,
maximum of 32 characters.

https://dumbpasswordrules.com/sites/mobileiron-mdm/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Nachbarschaft.NET.

"Mindestens 6 und maximal 12 Zeichen" - or in English: "At least 6 and max. 12 characters.

https://dumbpasswordrules.com/sites/nachbarschaft-net/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from MetLife.

Max length of 20 characters, no special characters allowed.
Pasting into the second password field is disabled even with
the Chrome extension Don't Fuck With Paste.

https://dumbpasswordrules.com/sites/metlife/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

@cR0w @campuscodi

The national policy on public health is exactly this:
No disease surveillance == no evidence of diseases
No evidence of diseases == we are healthy

Economic policy also: don’t like the jobs statistics? Fire the person in charge of that department and replace them with someone who knows what the numbers are supposed to be.

The #cybersecurity policy, therefore, is completely aligned with the approach to all other data-oriented public policies: data can be embarrassing and inconvenient. Let’s have less of it.

This dumb password rule is from HM Revenue & Customs (UK Tax).

We store basically all of your data, but we can't store your password.

https://dumbpasswordrules.com/sites/hm-revenue-and-customs-uk-tax/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from La Banque Postale.

Password must be 6 digits and entered on custom pad.

https://dumbpasswordrules.com/sites/la-banque-postale/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from SAP Cloud Appliance Library.

Passwords between 8 and 9 characters are the best.

https://dumbpasswordrules.com/sites/sap-cloud-appliance-library/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Blackrock.

They force you to enter a password that has 8, 9, or 10 characters, then
they lecture you on how to create a strong password.

https://dumbpasswordrules.com/sites/blackrock/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

The UK Online Safety Act is a hot mess 🥴

Drunk on boarding up more of the Internet than even the government's paedo test could justify.

Pushing people into riskier stuff online, enabling scammers and walking off with your ID.

Tell your MP to sort it out! ⬇️

https://action.openrightsgroup.org/tell-your-mp-online-safety-act-isn%E2%80%99t-working

#OnlineSafetyAct #onlinesafety #OSA #privacy #ageverification #ageassurance #ukpolitics #ukpol #netplurality #censorship #cybersecurity

The Online Safety Act is technologically naive and ignorant to privacy risks, so people are finding ways around age verification. But...

❌ Teens could be pushed towards riskier things like the dark web, dodgy free VPNs or scams.

✅ Invest in a public information campaign to help people navigate online safety and learn about the privacy risks of age verification.

#OnlineSafetyAct #onlinesafety #OSA #privacy #ageverification #ageassurance #ukpolitics #ukpol #security #cybersecurity

This dumb password rule is from Trade Me.

Won't allow spaces or single quotes. Maybe other characters as well -
they do not say up front - but the password they accepted contained lots
of other special characters.

https://dumbpasswordrules.com/sites/trade-me/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This article by Unit42 from Palo Alto is most excellent stuff, attribution framework.

We really need this sort of foundational frameworks to enable systematic and repeatable attribution and to get "everyone" to do the same amount of work.

Perhaps this will also allow us to get away from every single attack being described as extremely advanced and sophisticated. (Entry vector: Default credentials).

This will go into my read deeper list.

https://unit42.paloaltonetworks.com/unit-42-attribution-framework/

#ThreatIntel #Cybersecurity #Infosec

This dumb password rule is from GameFly.

Password is 6-12 characters with no other restrictions. You can easily do 6 numbers, 6 lowercase letters, etc.

https://dumbpasswordrules.com/sites/gamefly/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Does anyone know of any kind of standards for applicational logging that define events to log and a format/syntax to log them?

I've found old MITRE CEE and OWASP references below. Are there any others like these?

Please boost if you can.

https://cee.mitre.org/language/1.0-beta1/core-profile.html

https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Logging_Vocabulary_Cheat_Sheet.md

#logging #monitoring #cybersecurity #appsec

This dumb password rule is from Securvita BKK.

Your password can not exceed a length of 30 characters. However, they don't tell you this: If you try to set a longer password, they instead shame *you* for not including at least one uppercase letter, one lowercase letter, one digit and one symbol – *even if you did*.

The error message translat...

https://dumbpasswordrules.com/sites/securvita-bkk/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from T-Mobile.

We prefer to not tell you which characters you can use up front.

https://dumbpasswordrules.com/sites/t-mobile/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

They didn’t not tell us to break encryption 🤐

First Apple, now the UK government has seemingly ordered a backdoor into Google’s encrypted services.

To access anyone’s data, files and photos, they’re happy to break everyone’s security 😵‍💫

Read more ⬇️

https://www.openrightsgroup.org/press-releases/google-refuses-to-deny-uk-encryption-demands/

#e2ee #encryption #privacy #security #google #apple #ukpolitics #ukpol #surveillance #cybersecurity #android

This dumb password rule is from Global Entry.

"Our duties are wide-ranging, and our goal is clear - keeping America
safe."

https://dumbpasswordrules.com/sites/global-entry/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

I DID IT!

Dewey invented the Dewey Decimal System, Morse invented the Morse Code, Plato invented the plate. I, influenced by what I saw at a #CyberSecurity conference I have designed and dedicated to the Public Domain the penultimate way to get removed from #infosec sales offerings.

I present to you the "No Purchasing Authority" seal. Put it on a button, wear it as a sticker, respond to emails with it. Regardless, this helps you and the sales person understand that this relationship is going nowhere.

Alt...

White on black "No Purchasing Authority" with the symbols for dollar (green), euro (blue), yen (red) with a circle and line through symbolizing "no" Underneath, a dedication to the Public Domain CC0 1.0 Universal.

This dumb password rule is from Netflix.

[The help page](https://help.netflix.com/de/node/54078)
and the [password reset page](https://www.netflix.com/password) say:

Ihr Passwort muss zwischen 4 und 60 Zeichen lang sein und darf keine Tilde (~) enthalten.

https://dumbpasswordrules.com/sites/netflix/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Movistar.

Min 7 and max 8 characters for password! Also to be different than the
username: the user name is automatically generated and is based on the
surname of the user with some characters replaced by digits :)
Has been that way for more than 10 years.

https://dumbpasswordrules.com/sites/movistar/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Don't trust cloud services with your creative work.

#enshittification #privacy #infosec #security #cybersecurity #writing #art

Alt...

Tumblr post by maerossi. screenshot - "Google Sheets We're sorry. You can’t access this item because it is in violation of our Terms of Service." Everyone: Please please please don't write your books in Google Docs. Frankly don't use Google Drive for personal stuff. Their terms of service say they take down stuff like content related to terrorism and trafficking, but this Google Sheet was literally a list of movies I'd watched this year and books I'd read. 23 Jul Holy smokes, guys. It's way worse than | thought. Google actually took away access to every single file of fiction writing I'd made on that account. BUT | backed it all up on Scrivener yesterday by coincidence. So | haven't lost my work, but I could have just lost the 12,000 words I've written this month after a year of really intense writer's block. I honestly don't know what that would have done to my psyche. Please be careful out there, folks! <3

This dumb password rule is from Safeway.

Passwords limited to 8-12 characters.

https://dumbpasswordrules.com/sites/safeway/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Maybe we should change the spelling of "vulnerabilities" to read "Microsoft?" It's hard to pin the worst offenders. There are others, so many more.

Kaspersky: ToolShell: a story of five vulnerabilities in Microsoft SharePoint https://securelist.com/toolshell-explained/117045/ @Kaspersky #Microsoft #cybersecurity #infosec #SharePoint

🆕 blog! “QR Code Hijacking Attempts Are Pretty Inept”

I've been writing about QR codes since 2007 - long before they were fashionable. Because QR Codes are so cheap to produce, there has always been a concern that attackers might print out their own codes and stick them over legitimate ones. When I first wrote about QR Hijacking in 2011, I said that such […]

👀 Read more: https://shkspr.mobi/blog/2024/07/qr-code-hijacking-attempts-are-pretty-inept/
⸻
#CyberSecurity #qr #QRCodes

This dumb password rule is from KPMG Talent Community.

While stating otherwise, the site actually *accepts a backslash* in the password
and displays a forward slash as the example of the disallowed backslash
Password:
- Must be at least 8 characters long
- Must contain at least 1 number
- Must contain at least 1 letter
- Must contain at least 1 spec...

https://dumbpasswordrules.com/sites/kpmg-talent-community/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from Estheticon.

- At least 8 characters but limited to 20 characters at max
- At least 1 digit
- At least one letter (just a letter in general, no specific casing required)
- No special characters at all

https://dumbpasswordrules.com/sites/estheticon/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

You have two weeks left to get your awesome talks into @pancakescon and @ComfyConAU !!!! Don’t miss out being part of our insane global free online con!!! https://forms.gle/H5bCRSaJY1f3tHGq5 #cybersecurity #cfp

This dumb password rule is from Bloomingdale's.

16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

https://dumbpasswordrules.com/sites/bloomingdales/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from GoDaddy SFTP.

Max 14 characters for the most important password in your shared hosting environment.

https://dumbpasswordrules.com/sites/godaddy-sftp/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

Insurance giant Allianz Life says ‘majority’ of customers’ personal data stolen in cyberattack:

https://techcrunch.com/2025/07/26/allianz-life-says-majority-of-customers-personal-data-stolen-in-cyberattack/

#databreach #socialengineering #cybersecurity #thirdparty

BSides Bristol , Cyber Security workshop at University of West of England , 5-6 sept, 2025

If I wasn't going to be abroad I'd sign up for this. As I'm seriously looking at getting deeply involved in this area, rather than just doing damage limitation.

#bristol #cybersecurity
https://www.bsidesbristol.org.uk/

Windows market share in Germany drops to 69.78%, down nearly 10 points in a year 📉

Meanwhile, macOS rises to 19.59%, driven by user demand for privacy & seamless integration 🍏

Linux more than doubles to 5.49%, reflecting growing interest in open-source, secure, and flexible systems 🐧

#Linux #Desktop #FOSS #Privacy #Security #OpenSource #Microsoft #Windows #TechNews #CyberSecurity #UserFreedom #Freedom #Tech #Technology #AI #OS #MacOS

This dumb password rule is from CAF (French Family Allowance Fund).

You have to enter your 8-digit password using this Frenchy keypad.

https://dumbpasswordrules.com/sites/caf-french-family-allowance-fund/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from ING a dutch bank in almost 50 countries.

Max 20 characters, must have one number, one upper case character and one lower case character.
You can only use certain special characters.
When i asked about it they answer that it's really hard to change it.
When i asked if the password is saved as a hash or just plain they send the answer to ...

https://dumbpasswordrules.com/sites/ing-a-dutch-bank-in-almost-50-countries/

#password #passwords #infosec #cybersecurity #dumbpasswordrules

This dumb password rule is from BCV.

Username is randomly generated, example: 'H2487414'. The password must have **6** digits only.

Password can only be changed from the mobile application:

https://dumbpasswordrules.com/sites/bcv/

#password #passwords #infosec #cybersecurity #dumbpasswordrules