Many of the restrictions are repeated. For example the first character must be a lowercase letter or an uppercase letter or a number, but the only characters you can use are lowercase letter or an uppercase letter or a number. It looks like an auto generated list of restrictions. They must put a human somewhere to rewrite them instead of letting whatever framework they are using write the text.<p>> <i>Password should be maximum 12 characters</i><p>> <i>Password can contain 10 repetition</i><p>A weird decision.<p>--<p>About the use of special characters, I agree that they increase security but it may be a nightmare for support. Some moron^W user will use a weird character, here in Argentina áñ¿¡ and move to another keyboard and not been able to find it or the browser may have a different encoding. Usual special characters like !"#$%&/()= are probably fine. Or perhaps they have an on-screen keyboard?