Ok, so I consider myself a moderate when dealing with passwords. I don't use common names, dates and/or words, none of my security questions and answers are legit and I vary the level of password difficulty pending on what I'm safeguarding. However, I don't use 20 character passwords or have paranoia that people are always trying to hack me.
So, with that being said, I've been getting rather frustrated with the varying password policies from websites. I applaud their desire to protect our data, but their policies aren't uniform and are dumb, making me create and remember more and more passwords. The more unnecessary restrictions you have, the less possibilities there are.
Prime example. Same website made me create a password that had to be at least so many characters, but no special characters. Later, in the same website, I had to create another password that had to be EXACTLY 8 characters, using at least one number, one special character, but only SOME special characters. (I don't remember the exact policies, but they were something to that effect). Because my first password violated the second password policy, I had to create an entirely different (modified) password for the same site! And, no, this wasn't Healthcare.gov.
As I start to do more stuff online, I run into this more and more and has become more and more frustrating. What's the point of creating a policy that doesn't allow special characters?
What say ye?