Your PIN can only contain numbers and must be between 4 and 6 numbers.

Does not show number of characters in the max character limit.

Max 15 characters, min 8. You cannot use **ANY** special characters - alpha-numerics only. This amazingly terrible password policy combines with a known phrase (The "Memorable Information") of which you will be asked for a random 3 characters of if you get your password right. This phrase has similar alpha-numeric restrictions applied.

You can enter whatever password you like! But you probably don't want to make it too long, because you'll break us and you'll never be able to login again.

The password must consist of at least 10 and at most 50 characters. It must contain at least one special character, one number, one lower-case letter and one upper-case letter. The following characters are permitted for the password: - Lower-case letters (a-z) - Upper-case letters (A-Z) - Digits (0-9) - Special characters (!\"§$%&/()=?*+'#-_.:,;|{[]}²³^°)

It's a good thing they don't store personal information such as your passport number... oh wait.

Letters and numbers only, no symbols. Also an undocumented maximum of 12 characters!

Silently (sic!) trim password to 30 symbols. That causes the stupid case when you could successfully registrate an account with password length of 52 and can't login with the password.

A1 mobile Serbia is a mobile provider in Serbia that imposes poor password rules. Translation: "Length of the password must be between 8 and 20 characters and can only have letters and digits."

This is the online customer portal of the German health insurance company AOK. They have an extensive set of rules for both passwords and usernames. The password rules are: - Length between 8 and 14 characters - At least one letter, one number and one special character - Special characters are: !@$%/=?`+@#_.;:{}| - The password must not start with ? or ! - The password must not include the username - The password must not be the same as any of your previous passwords The rules for the username are: - Length between 1 and 12 characters - No umlauts allowed (äöü), no special characters, no spaces, no ., no _, no ß

Will allow most passwords longer than 8 characters. Doesn't tell you there is a maximum length of 16 characters. Then forces you to type it with an on-screen keyboard with no capital letters.

A website to buy english-localized doujins. The password must be between 4 and 20 characters long

Some characters are **too** special.

You can gamble on our site. We'll keep your money secure with a 12 character password!

Password between 8-20 characters, at least two "categories" of characters, and cannot use the same character more than twice in a row. At least it supports MFA.

- Cannot be longer than 15 characters. - Must contain one number. - Cannot contain spaces, %, & or +.

Some characters are **too** special.

Will not allow you to copy-paste your password into the text box (e.g. from a password manager). Because allowing people to copy their passwords over will defintely not result in weak passwords :)

Max of 16 character oh and please don't use any characters we don'y know how to escape properly also if it starts with ? you may break our wonderful website. What out with your password generator duplicated characters is far too insecure to allow here.

The password requirement is not even fully enumerated. Upon inspection of the source code, the following lines were found, hidden by javascript: "Must include at least %MINSPECIAL of the following characters:-.~!@#&_{}|:$%^*()=[];?/+" The actual list of special characters that are prohibited is correctly enumerated there. It's a result of [`a misapplication`](https://cibng.ibanking-services.com/cib/scripts/jquery/custsvc/custSvcChangePassword.js) of the [`variable allowedSpecialCharacters found here`](https://cibng.ibanking-services.com/cib/scripts/jquery/custsvc/fis-visual-validator.js?version=20180507). It took under 5 minutes to find the bug after looking at the source for the first time. This is a bank.

After you request a password reset and you receive an email with instructions and link to reset your password, you are presented with this password reset form. Your password length is limited between 8 and 16 characters. Additionally the form breaks with an error if you use any special characters. The form does not mention anything about special characters. Waze is owned by Google.

You have to enter your 6-digit password using this Frenchy keypad.

Service for managing employment documents of the German company Datev. Only the following character categories are allowed: Letters, numbers and this special characters set: !#$%&()*+,-./:;<=>?@[\]^_`{|}~äöüßÄÖÜ

16 characters maximum, no `.` `,` `-` `|` `/` `=` or `_` allowed.

The best thing about rules, is that you can multiple different ones! Like SAS that allows you to have a long password at least when signing up, but you'll be sorry if you want to change your password later on.