I ran across a site with the most insane password requirements awhile back:
Some of this is from memory, so it might not be exact, but the requirements were:
1. Passwords must be exactly 14 characters long
2. Passwords must contain all 4 character classes (upper case, lower case, numbers, symbols)
3. Symbols must be from the set (! , . : ; " $ % & *) -- This wasn't specified, I had to figure it out from trial and error.
4. No more than two characters from any one class in a row (so aaBB is ok, aaaB is bad)
5. Passwords must be reset every 3 months
6. Passwords can not be similar to any previous passwords (it's vague what "similar" means)
7. Passwords must not be stored externally (IE, no copy/paste, no password managers)
Luckily I don't have to use that system anymore, because it was just completely awful. To be fair, they also had smartcards that didn't require this password nonsense, so I think the requirements were partially to encourage people to use the smartcards instead.
Some of this is from memory, so it might not be exact, but the requirements were:
1. Passwords must be exactly 14 characters long
2. Passwords must contain all 4 character classes (upper case, lower case, numbers, symbols)
3. Symbols must be from the set (! , . : ; " $ % & *) -- This wasn't specified, I had to figure it out from trial and error.
4. No more than two characters from any one class in a row (so aaBB is ok, aaaB is bad)
5. Passwords must be reset every 3 months
6. Passwords can not be similar to any previous passwords (it's vague what "similar" means)
7. Passwords must not be stored externally (IE, no copy/paste, no password managers)
Luckily I don't have to use that system anymore, because it was just completely awful. To be fair, they also had smartcards that didn't require this password nonsense, so I think the requirements were partially to encourage people to use the smartcards instead.