- Feature Articles
- CodeSOD
- Error'd
-
Forums
-
Other Articles
- Random Article
- Alex's Soapbox
- Announcements
- Best of…
- Best of Email
- Best of the Sidebar
- Bring Your Own Code
- Coded Smorgasbord
- Mandatory Fun Day
- Off Topic
- Representative Line
- News Roundup
- Editor's Soapbox
- Software on the Rocks
- Souvenir Potpourri
- Sponsor Post
- Tales from the Interview
- The Daily WTF: Live
- Virtudyne
Admin
They didn't say "at least one special character". They said "at least one special characters".
Presumably the parentheses in the text are just the bag in which the actual sought-after special characters are held. Which is a WTF, for sure.
Admin
Yep, exactly, the parentheses aren't a character you can use, that's not as common as it used to be, but that group of usable characters and the way they're displayed is more or less standard.
Admin
Your password has to satisfy three basic requirements. One, it has to have at least two special characters in it, who, two, talk to each other about, three, something besides password rules.
Admin
I hate overly strict password policies.
Admin
Welcome to ye olden IBM mainframe password rules that went something like this: "The password can be up to 8 characters. Allowed are the 26 letters A to Z, the 10 numbers 0 to 9, and the 3 national symbols @, #, and $. Letters are only uppercase. The first symbol must be a letter." Theoretically, today every UTF-8/16/32 or Unicode symbol, despite its representation, should be allowed, but hey, Bobby Tables...
Admin
OK, you win the Internet for today.
Admin
Argle's password being overdue for change by 8605 days is interesting. That suggests the password last change date was left uninitialized when their account was created.
Measured from today, that's June of 2002. Assuming this submission is a few months old that'd suggest their current password is reckoned to date from early 2002, or perhaps 12/31/2001.
Which is a very interesting sort of epoch. Of course the idea that the original value at account creation was taken from a random uninitialized memory value, rather than a default initialized zero epoch value is even scarier. Memorializing garbage RAM values into your user database (of whatever nature) is a sign of far more WTFery to come.
Admin
ahah. as if people would do that. cue experience where people left empty padding in a structure which was written to disk. did not zero it out. memory checker complained. "it's just padding, who cares". then they added stuff that the compiler happily put into what had previously been padding.
Fun
Admin
Password fields are just the same as other fields. Except the complain. But in the year 2026 there is still software, which accepts special characters (äöüß in my case, whole alphabets for asian colleagues), just to hack them to bit junk afterwards. Or sometimes they miracuously stay intact just to blow up the XML export in unexpected ways at the most non-opportune time. I'm looking at you, three letter company from Germany which takes twice my yearly salary to just pick up the phone.
Admin
Just this weekend I needed to create an identity at a website affiliated with a car dealership. Password requirements you ask? How about 1+ each of the typical big 4 categories with a length between 4 & 10.
Ten. The thing my PW generator spit out looked so puny it almost didn't look qualitatively like a password to me. More like the hash of a password. Sheesh.
Admin
No. It's overdue by -8605 days. That suggests he last changed it in about 2048.
Addendum 2026-01-05 08:01: Bah. Forget that. I can't tell the difference between "expires" and "expired".
Admin
The "You can have too much security!" problem probably comes out of an attack of certain hashing functions that renders them useless (i.e. any text is accepted as the correct password) if the password itself is longer that 50-ish characters.