Certainly one of the major obstacles to generating reliably strong and secure passwords for our websites is the intensely diverse range of password policies that various websites have put into place, ironically with the "intent" of enforcing strong passwords, while the net effect is often the exact opposite.
I'd like to catalogue any password policies you may have come across that seem restrictive or problematic, to build a somewhat representative picture of the various policies we're dealing with out there.
If you come across a website that advertises its password policy, please consider adding a reply to this post and reporting on it.
To help standardize these reports, please copy-paste this template into your reply and fill it out. If you find more interesting website policies later on, please consider hitting Edit on your post rather than making a new one.
- minimum: 8
- maximum: ∞
- letters: 1+ uppercase, 1+ lowercase
- numbers: 1+
- symbols: any
- limitations: no
<notes on apple.com>