I tend to use secure passwords most places. Like 0mG%R3LLy!53kUr3!!1 secure.

But several things drive me crazy:

• Maximum length restrictions. American Express—probably the place I need the most security at—limited my password to either 6 or 8 characters.
• Ludicrous minimum lengths. Eight is common, but I’ve seen even higher. “password” is eight characters and is secure, but when I’m trying to sign up for your silly forum to post one thing, and it’s telling me that IH8URS1t3 is too short, I want to scream.
• Character restrictions on password. This is what drives me crazies. What do you mean “*” isn’t a valid character? One place wouldn’t allow a period. (!) This annoys me partially because, unless you’re storing passwords in a plain text file and using a “*” as a field deliminator, there’s no technical reason I can’t use an asterisk in my password. Someone, somewhere, thought that passwords shouldn’t have asterisks and made it so on their site. This is absurd. But even more absurd is that it shouldn’t matter what you enter, because even if your database did treat any non-alphanumeric character as a field deliminator (which no database ever made does), you shouldn’t be putting my password in like that. You should be taking my password, containing anything if I want, and running it through a one-way encryption algorithm. Heck, even something insecure like MD5 would allow you to submit 32KB of Unicode as your “password,” and it would be normalized into a short hash that gets stuck in the database.

If you leave a comment, it must be no longer than seven words, and cannot contain commas, periods, uppercase T’s, or any even numbers. Otherwise my database might explode.