Please Update Your Passwords

         

engine

4:29 pm on Nov 5, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



As a matter of course, would everyone please update your passwords.
We know of no specific issue with the security of the system, but it's good practice, especially with some members having been here for many, many years.

In addition, as WebmasterWorld was reacquired late last year, [webmasterworld.com] PCI compliance policies require an update.

Thank you.

justpassing

5:38 pm on Nov 5, 2018 (gmt 0)

5+ Year Member Top Contributors Of The Month



Just as a note, to update password, this is in "Resources" > "Preferences"

In addition, as WebmasterWorld was reacquired late last year, [webmasterworld.com] PCI compliance policies require an update.

PCI Compliance also has requirements for password... [pcipolicyportal.com...]

whitespace

6:06 pm on Mar 31, 2019 (gmt 0)

10+ Year Member Top Contributors Of The Month



FWIW I did receive one of those scam emails (many in fact) a while back that claimed to have hacked my webmasterworld account (and wanted me to transfer a pile of bitcoin...). Worryingly, the email did actually contain my complete password (random letters/numbers and unique to WebmasterWorld)! Fortunately, this was an old password that I had changed several years ago.

iamlost

7:20 pm on Mar 31, 2019 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I understand that meeting requirements is important. However, given that changing passwords every 90 days has been officially deprecated for several years following multiple research showing that it leaks/brittle-ises as much or more as it protects following over a decade (2006-ish?) of increasing suggestions doing so is a bad/pointless/security theatre idea, it would be 'nice' if requirements could keep up to current best practice... of course finance is typically at the back of the pack as risks are often offloaded...

Regarding the mention of a WebmasterWorld password being shown in clear by a third party...
1. are WebmasterWorld passwords stored clear or hashed?
---is a current best practice hash, i.e. salted Argon2id, being utilised?

2. WebmasterWorld has only recently switched to HTTPS, so a clear text pwd transmission was previously potentially subject to MITM interception.

3. was the pwd ever saved (member says unique usage) elsewhere that might have been hacked?
Note: quick check via Troy Hunt's Have I Been Pwned [haveibeenpwned.com] site is useful if not definitive.

And a serious question: PCI requirements are for min 7-chars - what is WebmasterWorld pwd max length?

ClosedForLunch

7:44 pm on Mar 31, 2019 (gmt 0)

5+ Year Member Top Contributors Of The Month



PCI requirements are for min 7-chars - what is WebmasterWorld pwd max length?


Just to mention, when I registered here last year, special characters weren't accepted in my password