Here is a little rant I am sure many here understand.
Why is it that websites restrict the password field as much as they do?
Latest experience has been with the TelstraClear Customer Zone portal. "The password must be between 7 and 8 characters and contain no spaces." The no spaces requirement I can understand. Most websites can't seem to manage passwords containing spaces which shouldn't actually be a problem but that is another rant.
But, 7 and 8 characters... Why, for the love of all that is sane, would that restriction be necessary? I am by no means a database expert, but I am sure that storing passwords that are a little longer than that would be feasible, wouldn't it?
I feel the same way about most banks, Kiwibank & WestPac are the exceptions that I know of. Surely encouraging security by allowing any characters and lengthy passwords should be normal practice.