Bank of Montreal forces passwords to be exactly 6 characters long, and has done so for at least 10 years.  It is ridiculous.  They do have a "multi-phase" login, which no doubt is more secure but is also more annoying.  Why don't they just get their act together and allow their customers to use strong passwords?!?!!??