Then again, banks are not exactly on the cutting edge of security, though they like to seem like they are.
Every bank I've ever dealt with has assumed 100% liability for unauthorized transactions, so a bad password affects them financially, not you. Therefore, I don't understand all the complaining about password length.
That's a pretty damn naive statement. Yes, in the end, customers are financially protected. But that doesn't make up for the hours, days or even weeks of phone calls, emails, letters, in-person visits, credit-reporting agency fixes, etc which are necessary to rectify fraud in the banking/finance industry.
A friend of a friend recently had $500 stolen and Chase didn't reimburse him for that, so this doesn't seem to be universal. (On the other hand, Bank of America did issue me a temporary credit for my money that got stolen in the same compromise, so I know it happens sometimes.)
Every bank I've ever dealt with has assumed 100% liability for unauthorized transactions, so a bad password affects them financially, not you. Therefore, I don't understand all the complaining about password length.