Below are some restrictions on creating a password from a website that I have to use at work. The odd thing is that, apart from just being silly and unnecessary, these restrictions actually make it easier to hack the password.
The code must be a six- to 10-digit, unique number.
The code must be numeric, it cannot contain letters or special characters.
The code must not have more than two repeating numbers
(acceptable: 113355, not acceptable: 111333).
The code must not have more than two increments
(acceptable: 124578, not acceptable: 123567).
The code must not have more than two decrements
(acceptable: 986532, not acceptable: 987543).
The code must not contain a string of four or more numbers that match your
Social Security Number.
The code cannot begin with a zero.
The code should not be your birthdate.