I get very annoyed when I encounter a dumb password rule in the wild. One day, I had enough and wanted to let everybody know how dumb these rules are.

Originally created by me. Made what it is today by all the wonderful contributors. ❤️

There's also a bot that periodically toots random rules on Mastodon!

You probably know it when you see it. "Maximum 17 characters, must start with a 7, no ~ allowed." If you aren't sure, open a new issue or PR to discuss. This isn't a scientific study. There aren't any hard and fast rules though, so let's talk about it.

New contributions are always welcome! Please add your entry on GitHub. If you're not a developer and don't know what GitHub is or how to work with it, why don't you drop me a line and I'll lend a hand!

If you've fixed your dumb password rule, awesome! I'll happily remove entries that have been corrected. Please open a pull request to have your entry removed on GitHub.