jesterchen42 · @jesterchen
351 followers · 1266 posts · Server social.tchncs.de

One of my tools just greeted me with:

"Your password has expired or no longer complies with the security policies. Please enter a new password!"

How the **** do they know my password might no longer comply with security policies? Do they store meta information about my password or - which is even worse - the plaintext password?

Or do you have any other idea how a test like this might be accomplished?

#passwordfail

Last updated 1 year ago

FiXato · @FiXato
401 followers · 10303 posts · Server toot.cat

, your password and e-mail restrictions, use of security questions and other sign-up form requirements suck...

  • Password field can't be pasted into
  • Password field can't be filled by the browser's password generator (option doesn't show up)
  • Password phrases aren't possible as spaces seem to be disallowed
  • Additional restrictions such as limiting the amount of repeated characters only provide additional rules for brute force systems, thus reducing the total amount of possible choices. In addition they make it hard for password generators to create a valid password.
  • Putting limitations on the kinds of special characters allowed makes me doubt your user input sanitation...

In addition to this, they are asking for a 'security question', which are notoriously easy to find, guess or social engineer.
The first couple of answers I gave were also refused.

Plus-signs are also not allowed in the e-mail address field, thus making it impossible to use , while also going against the , which states that plus signs are allowed in the local-part of the address.

#squareenix #plusfiltering #emailrfc #password #passwords #passwordfail #security #securityfail #Squeenix #ffxiv #emailfail #passwordrestrictions #securityquestions

Last updated 2 years ago

jester · @jesterchen
304 followers · 512 posts · Server social.tchncs.de

Oh, web.de..... why, oh why? Not even the punctuation is correct...

#passwordfail

Last updated 2 years ago