A list of the ten most stupid things you can do with my password to your website or other service:
- Display it to me on the website.
- Send it to me in an e-mail.
- Make me submit it over HTTP.
- Include it in page source sent over HTTP.
- Generate it for me and expect me to remember it.
- Limit its length.
- Limit what characters are allowed.
- Limit what characters are required.
- Store it in your database as plain text or an unsalted hash.
- Force me to change it periodically.
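
To illustrate the storage, length and character items above, here is an added example (not code from the original list) that contrasts an unsalted hash with a per-user salted scrypt hash and accepts passwords of any length and character set. The scrypt cost parameters and the `salt$digest` storage format are assumptions made for this sketch.

```python
import hashlib
import hmac
import os
import unicodedata

# Assumed scrypt cost parameters for this sketch; tune them for your hardware.
SCRYPT = dict(n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32)


def _encode(password: str) -> bytes:
    # No character or length rules: normalize Unicode, then work on the bytes.
    return unicodedata.normalize("NFKC", password).encode("utf-8")


def unsalted_hash(password: str) -> str:
    """The weak scheme: equal passwords give equal digests for every user."""
    return hashlib.sha256(_encode(password)).hexdigest()


def hash_password(password: str) -> str:
    """Return 'salt_hex$digest_hex' using a fresh random salt and scrypt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(_encode(password), salt=salt, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.scrypt(
        _encode(password), salt=bytes.fromhex(salt_hex), **SCRYPT
    )
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample passphrase: long, with spaces and non-ASCII characters.
    pw = "correct horse battery staple \u00e9\u00f1 \U0001F511 " * 4
    print("unsalted, two users:", unsalted_hash(pw) == unsalted_hash(pw))
    alice, bob = hash_password(pw), hash_password(pw)
    print("salted, two users match:", alice == bob)
    print("verify ok:", verify_password(pw, alice))
    print("verify wrong:", verify_password(pw + "x", alice))
```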