Every time I run into this, I remember meetings where a dumbass engineer would convince a clueless PM that something was necessary. It seems too specific to be thought up by a non-engineer.

I have no way of knowing this, but I do think companies with dumb password rules have poor talent.

I need to start a list of companies with dumb password rules, but I rarely create new accounts so by the time I get annoyed, I’m distracted onto something else.