Question 1

How do I submit a dumb password rule to the database?

Accepted Answer

You can submit via a GitHub pull request with site details, a link, screenshot, and description, or message the maintainer on Mastodon if unfamiliar with GitHub, as outlined in the contributing doc.

Question 2

What are some common examples of dumb password rules?

Accepted Answer

Examples include restrictions on special characters, mandatory inclusion of numbers in specific positions, or arbitrary length limits, all documented on the website with real-world instances.

Question 3

Why is prohibiting certain characters considered a dumb password rule?

Accepted Answer

It reduces password entropy and can lead to weaker security, as it limits user choice and contradicts modern guidelines like NIST's, which encourage longer, more complex passwords without unnecessary restrictions.

Question 4

How does the dumb password rules social media bot work?

Accepted Answer

The bot periodically selects random entries from the database and posts them to platforms like Mastodon and Bluesky to raise public awareness about poor password practices.

Question 5

Dumb password rules vs OWASP password guidelines: what's the difference?

Accepted Answer

Dumb Password Rules critiques real-world bad practices, while OWASP provides proactive security guidelines; the project uses examples to highlight deviations from standards like OWASP's recommendations.

Question 6

Can I use this site for security awareness training at my company?

Accepted Answer

Yes, it's excellent for training as it offers humorous, relatable examples of poor password policies that can engage teams and illustrate common security anti-patterns effectively.

Dumb Password Rules

What is Dumb Password Rules?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions