On a related note, I was surprised when I recently signed up to a new online banking service. After going through the usual registration process and waiting to be mailed my password etc, I finally went online.
Being the conscious security professional that I am, I immediately went to change my password. I was amazed when it appears I can only have letters and numbers in my password. I cannot have anything else such as punctuation.
Needless to say, the bank in question shall remain nameless. However, I have written to them to explain that they may want to consider expanding the password policy.