There are endless competitors for this, but surely some sort of major stupidity award is due to the Dollar Rent-a-Car password system as described by Geoff Kuenning:
But the winner of the incompetent-design sweepstakes has to be Dollar Rent-a-Car, who asked me for the last four digits of my driver’s license number and my birth date for verification (but not my old password). Then, when I clicked “Change Password”, it took me to a customer-support e-mail form! Apparently I was expected to type a message asking a human to change my password for me. I declined; it seems monumentally stupid for them to let one of their employees to have access to thousands of customer passwords. Instead, I used the form to ask them to let me know when they deploy a secure system.