While changing my password on a few sites, I ran across one of them (the financial institution Vanguard of all places) enforcing a max password length. Since I typically use passwords that are around 14 to 16 pseudo-random characters (I like passphrases, but too many sites freak out on the length), I’ve hit this kind of issue before, but this is the first time it’s been with a financial institution.
This is seriously broken – I think this might be the final nail in the coffin that gets me to move the handful of accounts I have over there. Sheesh.
BTW, I get the argument of “don’t let your users enter 20 char passwords if only the first 10 are effective”, but in 2011, a large financial institution should really be better than this.