Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.
Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…
I had to log back into an account for an app (I think Taco Bell) that decided to remove passwords entirely without any notice. You typed in your email address, had to open your email account and click a link they sent you, it would open a webpage, which would then have a button to open the app again. If I remember correctly too, it would only work on Chrome, so I had to copy and paste the link since Chrome isn’t my default browser that automatically opens from my mobile email.
Besides that, I remember some website required a special character from an extremely small list and wouldn’t allow two of the same letter back-to-back.