Why is it that websites restrict the password field as much as they do?
Latest experience has been with the TelstraClear Customer Zone portal. "The password must be between 7 and 8 characters and contain no spaces." The no spaces requirement I can understand. Most websites can't seem to manage passwords containing spaces which shouldn't actually be a problem but that is another rant.
But, 7 and 8 characters... Why, for the love of all that is sane, would that restriction be necessary? I am by no means a database expert, but I am sure that storing passwords that are a little longer than that would be feasible, wouldn't it?
I feel the same way about most banks, Kiwibank & WestPac are the exceptions that I know of. Surely encouraging security by allowing any characters and lengthy passwords should be normal practice.