@AndyCanfield said:
Assume that 1234567 represents a reasonably obtuse string. I wanted to set my bank password to "1234567", but they gave me the error message "Password must be more than 7 characters." So I added an obvious acronym, tried "1234567fy" and got the error message "Password must be no more than 8 characters." That's why my password ends in "f". Why doesn't anyone change both error messages to "Password must be exactly 8 characters"?????
Don't ask me why, because I honestly almost broke my brain trying to understand his explanation, but a former employer of mine actually made me do idiotic stuff like that in a web application. I think he wanted people to be punished for not reading his (very badly written) e-mailed instructions to new customers: but one of the idiocies was password length. If you entered an (n) character password for n<6, he wanted it to say the password had to be longer than n characters. For n>6, shorter than n characters. Yeah, we were limiting to six character passwords.
Oh, and I was written up for "being lazy" for doing it with a short function and string substitution, instead of an if-then ladder for 1 through 31 characters of length ...