I'm sure it won't be great, but I signed up anyways.
And seriously, what kind of service restricts you to numbers and letters only for passwords?
AP exam scored were recently released so I went to the college board website to see them. Unfortunately I forgot my password and had to reset it. I typed in a password and it said "Must be 7-15" characters long. However, mine was 9 characters long so I was confused. In fine print above it said letters, numbers, and underscore only - all other symbols are invalid. They also limit you to 15 characters.... Looks like I figured out why I could not remember the password, since I almost always do 8char+letter+number+symbol to fit silly password rules.
It seems pretty crazy to me. I mean any sane website should just hash what you enter and call it a day. Then You hash what the user enters and compare the two hashes to check if what they entered is correct. Throw in some salt to prevent rainbow tables and add some extra security. Since the input should immediately be hashed, it's just bytes to the computer - it shouldn't care if it's a letter or symbol. I have no idea what insane system they use that prompts a user to NOT use certain characters in their password. It worries me especially when it is for a big company that can hold a lot of personal information (including name, address, school, SSN, etc).
Edit: here is pic if you want to see the insanity for yourself. Sorry for the OT.
https://i.imgur.com/ycfcN3u.png
