After reading your last password blog entry, I’ve been slowly changing my passwords to something a bit more arcane. Upon reading the password requirements for one of my banks, I found that their password rule is that they must be 6-9 case-insensitive letters and/or digits. I emailed them and told them that wasn’t very good. They replied that since their web passwords and phone passwords were the same, that’s the best they could do. They claim to be working on a solution. Mind you, this is a BANK.