On a more serious note, whenever a web site doesn't like my actually secure password, I try Password#1, and it works almost every time, with the most common rejection being because it's more than eight characters.
There was a story on here, I think, of someone who could no longer enter their password because an obscure character in it was no longer supported by their device, presumably Unicode. Can't find it now.
I remember a site that only prohibited certain special characters ($, #, %, /, \, *, ;, decimal point (.) and comma (,)), but others were fine. I remember it because usually sites prohibit all special characters or just a couple.
There's always this: https://neal.fun/password-game/
On a more serious note, whenever a web site doesn't like my actually secure password, I try Password#1, and it works almost every time, with the most common rejection being because it's more than eight characters.
There was a story on here, I think, of someone who could no longer enter their password because an obscure character in it was no longer supported by their device, presumably Unicode. Can't find it now.
I remember a site that only prohibited certain special characters ($, #, %, /, \, *, ;, decimal point (.) and comma (,)), but others were fine. I remember it because usually sites prohibit all special characters or just a couple.
In most cases i see an difference in the special characters.
password rules make very little sense except for minimum number of characters.
when you impose rules on a password you also imply a list of non-possibilities.