I hate when websites have some weird rules for passwords, and show the rule when you are creating the password, but not when entering it. How am I supposed to remember the password must begin and end with a special character?
this post was submitted on 19 Jan 2026
317 points (99.4% liked)
Programmer Humor
28566 readers
980 users here now
Welcome to Programmer Humor!
This is a place where you can post jokes, memes, humor, etc. related to programming!
For sharing awful code theres also Programming Horror.
Rules
- Keep content in english
- No advertisements
- Posts must be related to programming or programmer topics
founded 2 years ago
MODERATORS
and when the rule is also wrong example: password must contain special charcters the password contained : and ^ if those aren't special characters idk what is
I can't recommend password managers enough, because you will never have this issue again.
Having to alter my one generic password I use for random ass website because there's a stupid extra rule is usually annoying me enough that I don't register lmao.
Password manager?
I use it for important things that require actual security. Everything else gets the one password treatment.
I use a mental algorithm that means my password is always different on paper, but is always deducible by me.
Jokes aside, I have been blocked many times by overzealous email validation. Yes, my email has a plus sign in it. This is allowed under RFC5322, so deal with it. It is better to have no validation at all than incorrect validation.
Even worse is when they strip the plus sign out after the fact and then you can't log in anymore because you didn't realize that's what has happened.
Yees this has happened to me before but with passwords. They have some length limit that they clamp to so you can't login after registering and I have to do a password reset right after signing up. Happened multiple times to me.
This is criminal. You already send me a validation email, just check for an @ and leave me be
The best email validation is just sending an email to whatever provided by the user. If user receives an email and validates it, than its validated.
Email address spec is convoluted and this is indeed the best way. Noobs and ninja do it this way, normies try to validate before sending email
A plus sign? That's nothing, LOL
Quote:
If you disagree, or have any other comments, feel free to email me at
'*+-/=?^_`{|}~#$@[IPv6:2602:f977:800:0:e276:63ff:fe72:3900]-- if your mail client lets you, that is.
Nice, I was able to send an email to that.
I had a website not let me enter a proton.me email address, when I changed it to my custom.fyi address, it worked fine. They wanted a three letter TLD.
No, I think they just blocked Proton email addresses. I've seen multiple services doing that.
The worst sites are the ones that let you sign up with an unusual address but not log in. The worst I‘ve seen was some ticket system that rejected dfyx+theirdomain@mydomain after I clicked the link in their confirmation email.
There's an aspect of my surname which is somewhat unusual (at least in my country). As a result I occasionally get form validation errors when entering it. Sometimes those errors are extremely inscrutable. Sometimes a form validates but something elsewhere makes unvalidated assumptions about names which then breaks in completely unpredictable names...
Does it fall into one of the falsehoods programmers believe about names? https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/
Actually no. In fact, I think most people who thought for a minute would realise names like mine exist, it's just that sometimes people working systems don't think for a minute ;)
Not sure if you also do aliases as well but I’ve seen an increase in websites flagging providers like addy.io as well. Extremely annoying that so many websites think they are so important that they refuse an alias.
migadu has a cool workaround.
instead of:
alias+user@domain.tld
you give:
alias@user.domain.tld
then internally it transforms it to an alias when it comes in.
I had a site refuse my email address for my .net domain. Like wtf, if it’s not .com it’s not a real email address? Idk what that was about.
Same although for a totally different reason. There are some services that really don't like gtlds and they will say your address is invalid if it doesn't end in .com, .net, or .org...all my serious domains are gtld...so some services have emails on meme domains because the only domains I have with traditional tlds are memes
The issue this is referring to is because the user cannot paste into a text field. And the user was not rude about it either.
So instead of fixing the actual problem, the developer went nuclear and removed the validation. A dick move in my opinion given the developer’s attitude.
~It’s more sad than funny. 🤷♂️~
I'm guessing removing the validation fixed the pasting, which means it did fix the actual problem?
I don't know what that repo does. But, chances are the dude was just fucking tired of dealing with curseforge. Total garbage scum software.
It's prism. A multi-launcher for Minecraft Java edition.
IMO as a developer this is a sane change. There's no telling when the format of the first-party api key will change. They may switch from reference tokens to JWT tokens tomorrow. The validation should be using the token and seeing if it works.
If they had made the change for that reason, sure. But the actual stated cause was some pretty thing.
So the users realized their mistakes and stopped complaining……and other jokes public project maintainers tell themselves while laughing in tears
If only I had a penny each time a user told something doesn't work when it shouldnt've.
Usernames removed to prevent brigading
What is this gatekeeping nonsense?
We live in the free world.
I don't want that reddit "anti-brigading" crap here.
Post breaks web accessibility by withholding web connectivity: it needs a link to source.
Images of text break much that text alternatives do not.
Losses due to image of text lacking alternative such as link:
- usability
- we can't quote the text without pointless bullshit like retyping it or OCR
- text search is unavailable
- the system can't
- reflow text to varied screen sizes
- vary presentation (size, contrast)
- vary modality (audio, braille)
- accessibility
- lacks semantic structure (tags for titles, heading levels, sections, paragraphs, lists, emphasis, code, links, accessibility features, etc)
- some users can't read the image due to lack of alt text (markdown image description)
- users can't adapt the text for dyslexia or vision impairments
- systems can't read the text to them or send it to braille devices
- web connectivity
- we have to do failure-prone bullshit to find the original source
- we can't explore wider context of the original message
- authenticity: we don't know the image hasn't been tampered
- searchability: the "text" isn't indexable by search engine in a meaningful way
- fault tolerance: no text fallback if
- image breaks
- image host is geoblocked due to insane regulations.
Contrary to age & humble appearance, text is an advanced technology that provides all these capabilities absent from images.
I partially agree with you. It's bad to brigade against a random user out of the blue, but this is a useless censorship.
It's a pull request in an open-source project, it's not like people can't find it in literally 3 seconds...