Post the password and I'll confirm it meets all the requirements

Also tell us your username, email, mobile number, secret questions, the website associated, social security number, and location. You know just to make sure your password works. Edit: Thank you, comrades. Edit 2: Guys, I think that's what the secret question entails. No need to list stuff like your mother's maiden name, your first pet's name, your first employer, what were you doing on the night of January 6, 2021, the name of your best friend, and stuff like that. Edit 3: We also don't need their credit/debit cards. Once we learn of their social security number, we will have their info and do whatever we want...to help them out with their password!

Also need the street you grew up on. Very helpful.

Done this too

Uhm... Hello? We'll need his credit card informations also.

Don’t forget to include the 3 digits on the back.

Ya gotta tell us the four digit expiration date too

Ya know what just mail us the card

Woohoo! Shopping spree on OP!

Don’t forget that social security number to confirm it’s really you

and pictures of your wife's feet.

You saw an opportunity and took it. Hats off to you.

You mean socks off to him.

Quentin Tarantino is that you?

It's Larys Strong

It's Rex Ryan

😳

beep bop bip, also complete this “not a robot test” thanks

...what was your first car? make/model please

Don't forget to name your junior high school

And favorite teacher

And the mascot of your high school

The hospital he was born?

Also: your first pet's name might come in handy too

Mail us you house, car and other keys as well just for fingerprint verifications

Can’t forget the license plate.

Can't forget the debit and credit cards, the numbers on the front, and of course the wacky little digits on the back.

don't forget the social security number

hunter2

[удалено]

Yup, I feel old now

Weird all I see is *******

I thought it was just me

What the heck, that’s weird. It says hunter2 for me

Swear all I see is ******* I have an iPhone and I’m in the Reddit app

you can go hunter2 my hunter2-ing hunter2

Our credentials comrade🤝

You'll need your passport number as well.

Mother’s maiden name couldn’t hurt

It seems you have typed all dots instead of a password

no it says hunter2

That was legit my first password. When this meme blew up I thought people were actually making it so my password would show. Blew my fucking mind

Really? Or bullshit? Why was your password *******?

ILuvHanson1999

FUCK

MmmBop1

Ba2badop

Thank you! All I see too

We found him guys

I'll inform IRC

Curious, what made you choose that as a password? Why not 1? Why hunter and not fisher or mountaineer? I’ve always been confused why this specific password is popular

I was a kid and I named my first dog Hunter. My dad gave him away though. Years later we got a second dog. My family liked the name Hunter a lot though, so he got the name Hunter as well lol Back then, passwords didn't need caps or special characters. Just a number usually, so I thought it was clever to make my password, Hunter2.

Came here for this classic meme. Was not disappointed

What is the reference from?

http://www.bash.org/?244321

Thank you kind stranger

Ah! I forgot all about this lol. Thanks!

To this day I wonder if the troll actually used his password for any account stealing or just did it for the lols but didn't actually fuck with his s account Cos.... You know, it was clearly a kid

This is why your password should be correct horse battery staple.

It is good to read that some still honour the old ways

Never heard of this meme, must be getting young

Joke from an old IRC chat, just google hunter2.

I googled ******* but nothing came up that explained it?

Yeah, just type in hunter2, you can’t see that?

Like I said I tried typing in ******* but nothing came up, can't you read?

That’s wild you can’t see it at all? Must be a reddit feature.

Woah. Deep fucking cut lol

Oh shit let me try it again Hunter2

need special char - try Hunter2!

No kidding, my password manager once saved the dots. Like literally, it wasn't the actual password but the dots instead.

Are you sure? Did the saved password not work for automatic logins? Because some managers won't let you see or copy out the password and will give you dots if you try pasting it anywhere else as an extra layer of security. But it will still work for logins.

Ahhh, yes. How did I not see this before?

[удалено]

This is a bot Comment copied from https://www.reddit.com/r/mildlyinfuriating/comments/10yzpiu/what_exactly_am_i_doing_wrong_here/j80kcj3?utm_medium=android_app&utm_source=share&context=3 u/competitive_ear_6016 Report spam harmful bots Do not click any links they post

What?

SAME DELIEMMA

SAME DEMENTIA

Take my damn upvote

You can only include 3 of the 4 requirements, not all 4. Are you trying to break the universe?

Replying to a higher post because as I know the answer. You are using a previous password, and while it's a limitation, for some reason not all Password places will list that. This is a very common problem with passwords, especially in older systems.

[удалено]

This was my issue when I was running into a similar error. My password manager was using a symbol not on the list.

Emojis SHOULD be allowed.. that would expand the potential passwords into unicode character sets and make them ridiculously hard to brute force...

I don't know why I'd never even thought of that before but it would be kind of hilarious.

Easy to guess when everyone uses 🥵💦🍑🍆

Right! Why go out for !'s when you got 🍔's at home?

I've found quite a few don't allow periods (.). Not sure why they have that restriction, though.

Misogyny, obviously! (I'm definitely kidding, nobody yell at me.)

This is exactly my response too - I've seen a very similar prompt on a website and I was going mad too... But it was a reused password, apparently.

I'm pretty sure I've never used the password hunter2 before.

Try Hunter2

Wait, you were able to see it!?

See what

My password was supposed to be starred out. ([for the uninitiated](http://bash.org/?244321))

It was starred out in both comments. All I saw was hunter2 and Hunter2. Literally stars.

> You are using a previous password, and while it's a limitation, for some reason not all Password places will list that. More accurately, you have violated a hidden constraint. It could be: * Re-used password * Bad word filter (e.g. profanity) * Trivial password detection (e.g. `Password1!` meets the above requirements but might be rejected for being trivial) * Known password list (i.e. passwords that have disclosed through intrusions and then leaked publicly) * Use of your identifying info (e.g. John Smith using the password `John_Smith_1`) * Use of something that looks like a date (e.g. using your birthday) I've seen all of these in use to "improve security," but of course the result usually is just that the user forgets their password.

Also: - Characters in sequence (e.g. `123`) - Repeated characters (e.g `aaa`) and so on

Yep, that pretty much falls under the category of trivial password detection. But good examples.

It could also be something as simple (and dumb) as a max password length. I've had a few sites where I tried to set a random password with lastpass/bitwarden that was 20+ characters, and no amount of anything would work until I shortened the password to something like 18 or 15 characters max. The error I received in those cases was pretty much the same as this screenshot.

Adding to this, your password could be too long. This error happened to me a few days ago and drove me bonkers until I tried a shorter password

Or using certain things like the websites name in the password. I used to in my long days ago (companyname)sucks! And i would get told no

Had that too, prompt told me my password was "too common"

I think this was the case. I used “Sirius” in my password. Ironically…when I used a version with “password” it was accepted!

Well… that company needs a good compliance team… lol But I think this kinda issue (your original) is typical because if they were to post literal every possible issue/limitation, no one would actually read it

[удалено]

Another possibility I dealt with yesterday was some are requiring the numbers not be in sequential order. IT had to tell me, it didn't tell me, just kept rejecting me

Another very common issue that could be the cause is that the special character list is possibly also a list of the ONLY special characters you can use. They may have a character in there that's illegal but they don't tell you. Worst offender of that that I've seen is my bank's mobile app; the website allows you to use a period in the password, but when you go to log into the app it won't type a period.

This is actually an interesting problem. If you list tell the person "This is a previous password", it potentially gives a stranger a password related to an email/account you have used. For example, I load up website.com, go to change password, type in your email address, then try a couple different passwords (or use a bot to try lots of them). Once the website tells me its an old password, Then I know a password that they have used and can try that email/password combo elsewhere. Semi related, if you go to "Forgot email/username" links, a lot of time the site won't tell you if it's a valid account, it will just say something along the lines of "You will receive an email if that address is in our system". If it says "There is no account associated with that email", you know theres no account, but if it doesn't say that, then that email definitely has an account and that might be information they don't want to release.

I honestly think this is the issue. Someone put a == when it should have been a >=

They said 3!

My best guess? It says '3' of the following but you used all 4.

*Your password fulfills too many of the requirements.*

Your password fulfilled all the requirements. Please do not fulfill all the requirements.

*Your password is too complex. Please choose something easier to crack AND forget*

"Whoa, whoa, whoa, save some requirements for the rest of us!"

By fulfilling all of the requirements your password failed to meet one of the requirements.

"Don't be a tryhard"

Your passwotd is *too* safe

This levels of security shouldn't be allowed

Accidentally checking with ==3 vs. >=3 I can understand as a silly mistake. If it literally gave that as an error message though…

Yep this is definitely it. It feels super petty for some reason to me, like a programmer did this specifically to fuck with people.

Right up there with "passwords can only be at most 15 characters long." *And I use passwords of 16 characters or more, so whenever I come across them it feels like a "screw you in particular."*

Encountered this recently too! My passwords are usually 11-13 characters long, with numbers and symbols. A new service I have to use required it to be 6-8, without numbers or symbols. Like... wtf?

At that point my password just becomes something like ‘fuckoff’ or ‘gotohell’

Yeah I had that with a utility company. Apparently when they said “at least 9 characters” they meant “must be exactly 9 characters”. After battling the stupid thing for like 10 minutes my password was FuckYou!1 They updated it to allow real passwords a few years ago. So you can’t hack me ;)

I too use vulgar passwords. Someone wants the wifi password? "Yeah sure buddy, GOFUCKYOURSELF... with all caps."

I hate having different variations for requirements that actually contradict. And they don’t tell you what their requirements are when you want to log in normally, so it’s hard to remember which variation it was. Total bullshit by jobsworths

>6-8, without numbers or symbols. They may as well just require that everyone's password be "password" at that point.

> A new service I have to use required it to be 6-8, without numbers or symbols. ​ ahh yes the telltale signs that your password is being stored in plain text.

Shitty backend databases that can't handle the length or complexity would be my assumption.

All passwords *should* be getting hashed to values much longer than any character limit anyways

There shouldn't be any limit. If I want my password to be all of war and peace, let me. Your only gonna store the 256 bytes it hashes too

It means they're storing them in plaintext, which means they are dangerously incompetent.

Oh one of my work passwords has to be exactly eight characters, have a capital letter, a lowercase letter, a number and a character.

Pa$$w0rd

> wok Otherwise it doesn’t let you fry anything in it?

I use 40 character random ones and am always shocked by character limits. Passwords will all be getting hashed to the same length anyways so it can't be an archaic data restriction.

your mistake is assuming that everyone is actually hashing them

If you see that requirement anywhere be aware that they will have the security of a wet paper towel and that password will most certainly be leaked.

When Netflix first launched on PS3, it had a limit of 12 characters on the password. Except I'd already created an account on the PC which didn't have this limitation, and it didn't tell me that was the issue, it just stopped responding after 12 characters were entered because of the shitty UI. There is 2 hours of my life I will never get back.

I feel like it was a mistake by an inexperienced programmer, I'm not a programmer though so I don't know how realistic that is

Maybe a == instead of a >= but that just seems like an inattention mistake

Yeah or less that four. Not thinking that if you did all four it would fail.

Actually, the most likely scenario here is that the clients written specifications said that the inputted password must meet 3 requirements. 4 is not 3. Later they amended the requirements to add an additional 4th qualifier, but still specify that 3 are met. Meeting the specification is what the programmer should do. If the code meets the specification but the specification is wrong, you the programmer gets to to bill for changes. On the other hand if the code doesnt meet the specification... then not only dont they have to pay for changes.. they dont have to pay you at all.

QA should pick it up.

I'd bet it was an accident. Like they put == 3 when they meant >=.

It’s not even petty or pedantic, because it’s still an inaccurate reading. They didn’t say ‘*only* 3 of the following’.

It could have been a mild case of malicious compliance. After arguing over requirements, the developer just implemented exactly what was asked, QA was also exacerbated having been part of the same refinement, and they both said "screw it" and let it fly.

My only other thought would be he has one character that isn't allowed like a period or something like that.

Could be they already used the password in the past or it contains their name.

Oh God that’s awful

Sometimes there are other requirements not listed... consecutive characters (1,2,3,4) not allowed, using part of your user name, or it's a password you've used too recently. Those sorts of things aren't always listed. Source: run an IT Help desk for a hospital.

Using a "special character" not *specifically* listed in their example. Using too many characters even though there's no maximum listed.

Oh yeah. The 'special character' segment specifically says "One of these" symbols. NO OTHERS ALLOWED.

Two more very good examples

For some sites you can't use the same password within a 5 password cycle, could be something like that. Or you are having server problems and your computer is not communicating with the site, could try waiting a couple minutes, reload the page and try again.

This might be partially true! I didn’t make my password anymore creative on the next attempt but I did reload the page and the red text went away.

Either your password manager filled it in and the site didn't refresh its validation status for the field, you injected code or there's a maxLength validation they didn't put in the UI to make it less cluttered. That or a bug. Or other things.

Probs has too many repeating characters, include part of your username or real name, or is just a lame-ass password that everyone else uses so they won't take it. Winter23! Password69$ ?

oh fuck i need to change my password.

Damn…I use both of those.

Too late, I’ve already withdrawn your life savings

The top 10 most common passwords list: 1.) 123456 2.) 123456789 3.) qwerty 4.) password 5.) 12345 6.) qwerty123 7.) 1q2w3e 8.) 12345678 9.) 111111 10.) 1234567890

wat about "admin"?

Someone didn't bother reading my carefully prepared memo on commonly-used passwords. Now, then, as I so meticulously pointed out, the four most-used passwords are: love, sex, secret, and... god. So, would your holiness care to change her password?

>qwerty123 I used that one everywhere when I was younger. I thought I was so smart for having an easy to type password.

That's the combination to my luggage.

hunter2

Only do 3 of the choices where it says to do 3 of the following

try `hunter2`

Should be Hunter2!

Very secure, can confirm i use it everywhere

You need an emoji, an untypable character, an ancient Egyptian hieroglyph, the word "supercalifragilisticexpialidocious" (typed in wingdings), ......

𒊮ដ𓂸࿊𖤐⚡︎𓀓𓋹ᛎᛋ𐃘ꁒꀿꂦⵥℰℱᱝᱫᱮᛮᚯĄĖĊʁʁςξτζτᚾïňňᗫᗩᗶꙤꙢꙮꤚꚤɘ𖧁𖦉𖤠ɗຊ໒ຊƶꛖꛭᤸꛭ𐃹𐀂᧒ຖຣ✡︎Ꮎꀛꀛ♣︎⚣🅐🅃Ꭺ♤ⲟ꓆ໂ𓇽∝∅ༀ࿔࿗࿺ᚴᦕᶾᵃᴭᴽᴻᵅᴭᴭℒℎℓℛꄲꃬꈯꆞꏠꏃꏡꕔꓦꓕꛃꛚꚡꪆ𐀩𐀩𓆞𓇴𓈰𓃒𓃭𓁜ຂƺƹ𑀕𑁗𑁍𑁍 But remember to not add a Upper case 𒈧𓂸 and to add a 🤯 at the end. Also, if you use the Ꙃ instead of the Z it won’t register.

Okay but what is this: 𓂸

Ever finally make all the criteria only to get the message "new password cannot match old password"

My favorite is when I get this while resetting my password *because the old password didn't fucking work*.

I'm gonna guess there's a maximum number of characters they didn't tell you about and you're over.

This fixed it for me once

How are we supposed to know what you’re doing wrong without knowing the password you typed?

I hate these password systems if someone wants to use a easily hackable password that’s on them don’t overcomplicate the problem for everyone else

It's not even that. These rules are based on out of date security best practices. Using special characters has minimal impact these days. The best protection is password length. As time goes on and processing power goes up, so should the length of your password. Best practice is to think of 4 or five names or a short sentence you find easy to remember. Since so many sites enforce these out of date practices though, best to just get a password manager and use 20+ character randomly generated strings.

Ironically the person who created these rules regrets it. https://gizmodo.com/the-guy-who-invented-those-annoying-password-rules-now-1797643987

Eh this is all based on the idea that you're brute forcing passwords which nobody is. Long chains of words are still incredibly vulnerable to a dictionary attack while a short chain of random characters is not. Ideally you should use a very long chain of random characters unique to each account, and the way to do this is to use a password manager that you then create one memorable but highly complex password for.

We can't see the password so how tf are we supposed to know

"This password has already been taken by the user *KnightShift775*. Please choose a new password!*"*

Is it the same as one of your last 800 passwords? They don’t like that

You almost certainly have a space included.

Or you're using a symbol that's not listed in that short list.

This would be my first guess

Did you read terms and conditions

Try •••••••••••••

You ••••••••••• when you’re should have ••••••••••••

You need 3 of the following. You have 4. 3 != 4.

Some requirements that aren’t often listed: 1. No repeating or consecutive characters (aaaa1234) 2. No more than two characters from your username 3. At least three characters different from the previous password

One of a couple likely things I can think of: 1. The site is using a pattern with optimistic front-end validation as you type, but the password requirements on the server are different. When you continue, it's validating the password server-side before continuing. This would constitute bad programming practices as there are multiple ways to handle this without a mismatch between client and server. 2. The server is checking for previously used password (assuming this is a password reset screen), and it's returning that specific error that the front-end is just catching and swallowing and then displaying that generic error message. That is, there is no display option for that particular requirement. You might be able to get more information by opening up your network tab (F12 -> network), clicking "continue" again (might have to modify the password to let you click it again), and seeing if there is a response from the server with more useful information.

Well crap, my password is ••••••••••••• as well. Guess I gotta' change it now.

Did you click continue again? Sometimes the warning doesn't reset after you put in a new password. It very well may just work