This aggravates me beyond belief. I have more secure passwords on random sites/accounts than I do on my financial accounts. Why do banks insist on restricting character limits to 12 - 20 characters?
Citibank is even worse. I use a password manager and have used a 20+ character password for years. Every now and then, as happened a few months ago, they change the website in a way that breaks long passwords. So even though my password manager entered it correctly, it rejected my password until I had to reset it.
Same. At least they fixed the issue (years ago, to be fair) where you could log into your Citibank account and tweak the URL to see other customers' data...