I've been banking with you for almost 30 years. You gave me my first credit card. You have great customer service. You have a branch in every city. You're Canadian, and so am I.

Unfortunately, I am closing my accounts with you, and I am going to persuade anybody else I can to do the same, unless I get a satisfactory answer as to why you do this:

You've just given away maximum key space. In an effort to force longer passwords, you've also reduced the searchable key space by FIFTY SIX BILLION passwords. I do admit, those would be popped relatively quickly on even modest GPU-accelerated hardware. I can understand minimum policies, but maximum policies are absolutely asinine, and there is no excuse.

I pray that I am wrong in assuming the whole "ftp.", "www." and "<" limitation was because at one point in time, passwords were stored in clear-text. Please tell me I am wrong. Please tell me that the symbol and word limitations, along with the length limit, aren't because they're stored in a plain-text database with 12 character fields, and there is no hashing or input sanitizing happening here...
