No, it's not an April Fool's prank. AT&T really is forbidding passwords that contain obscene language. Or at least that's what the company's password reset page says.
AT&T's policy barring obscene passwords is surprising because it's completely unnecessary, even for a company that bends over backward not to offend even its most modest customers or employees. If workers are following standard industry practices, passcodes will never be shared with customer support representatives or engineers either verbally or in e-mails. Instead, plain-text strings such as "shittypolicy" will be cryptographically converted to strings such as "eaf6f87e9d009cd3c713e6533ce8b15ac9ed2009" that in theory can't be mathematically reversed. Sure, it's a good idea to block the use of expletives, but that has nothing to do with their potential to offend. The reason to bar them is that they're generally so short and widely used that they're easily cracked.
When AT&T's policy came to light over the weekend, Ars assumed it was an April Fool's-motivated hoax. An AT&T spokesman still hasn't delivered a requested statement, but the screenshot posted above suggests the reports are true.