Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.
Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…
I redid one of mine yesterday; 3-months, exactly 8 characters, must use a symbol from the three approved ones (#$@).
I hate it, I wish they’d abandon that system or change the encryption requirement to match our other systems that use our physical badges.
Edit: it’s really dumb around the holidays, too. We’re off for Thanksgiving, Christmas and New Years so I really only got a few weeks out of that last one.