Re: password specifications..
I really hate this "Enter the 1st, 3rd, 10th characters of your password" BS.
a) As a user, if you know the password, it's much easier to just type the whole password than faff about with identifying the nth characters
b) From a security POV, it means that the server somewhere has access to the plaintext password so it can compare nth characters, instead of hashing the passowrd when it is set, storing the hash and forgetting the password. So it's less secure than using the whole password