Besides the usual password complexity requirements AT&T now won’t also accept passwords that contain obscene language (as first noted by @janinda). This seems funny enough while harmless, however, is it?
This raises a question as to why it is necessary when passwords should never be seen by anyone but the user in first place.
Passwords are stored in the database in an encrypted form and they are compared during authentication in this form as well. Technically no one should ever see them.
Perhaps AT&T is afraid that in case of a hacked database a list of obscenities would be revealed.