Better than idiotic websites that enforce their character length limit on the client, but not on all pages on the client. So you can change your password to 123456789, but the login page will truncate it to 12345678

I just tested this, it is case sensitive and it doesn't ignore things after 8 characters.

I'm using TD Canada, not sure if they've maybe updated since you tried?

Strange. I tried just this morning before posting but I will update my password and try again.

edit: after updating my password it's now case sensitive, and allows special chars. As the sibling comment suggests, it looks like they have two different authentication routes and updating your password moves you onto the newer one.

I tried it with a new password today. The requirements were between 8 an 32 characters and some special characters allowed.

I just tried with all lower case letters and it rejected it. Prior to changing my password however, I experienced everything you described. They must have 2 systems and setting a new password must switch you to the new system. Can't fathom why they don't just mandate everyone changing their passwords.

Yup this appears to be it. I just changed my password and can now use a longer password with special chars (no spaces though).

Perhaps this[1] has something to do with it?

[1]: http://stackoverflow.com/questions/2179649/are-passwords-on-...