One of my pet peeves is when rules counteract the purpose they are supposed to serve, usually because of incompetence. Two years ago, I worked for a few months for a company where time reporting was accessed through a specific web page.
They required the password to be changed monthly, have at least 10 characters, at least one number and at least one special character. On top of that – they locked out password managers and pasting. "We need to make sure you are the one logging in and not a hacker that hacked your password manager" they explained when I asked.
Out of spite I went for "Password12!" the first month and "Password123!" the month after, at which point I received an email from the IT department explaining to me that my choice of password was endangering the corporations security.
They required the password to be changed monthly, have at least 10 characters, at least one number and at least one special character. On top of that – they locked out password managers and pasting. "We need to make sure you are the one logging in and not a hacker that hacked your password manager" they explained when I asked.
Out of spite I went for "Password12!" the first month and "Password123!" the month after, at which point I received an email from the IT department explaining to me that my choice of password was endangering the corporations security.