Bad Password Rules

About

Why does this exist?

I get very annoyed when I encounter a bad password rule in the wild. One day, I had enough and wanted to let everybody know how bad these rules are.

Who made this?

Originally created by me. Made what it is today by all the wonderful contributors. ❤️

What's this about a bot?

There's also a bot that periodically toots random rules on Mastodon!

What makes a bad password?

You probably know it when you see it. "Maximum 17 characters, must start with a 7, no ~ allowed." If you aren't sure, open a new issue or PR to discuss. This isn't a scientific study. There aren't any hard and fast rules though, so let's talk about it.

I found a password rule that I think is bad. Can I add it to this list?

New contributions are always welcome! Please add your entry on GitHub. If you're not a developer and don't know what GitHub is or how to work with it, why don't you drop me a line and I'll lend a hand!

My company is on this list. How can I have us removed?

If you've fixed your bad password rule, awesome! I'll happily remove entries that have been corrected. Please open a pull request to have your entry removed on GitHub.