
Sometime in the 2010s when I was still with BMO, their online banking required you to have a six-digit password. No letters, let alone special characters. And no MFA of course.


BMO Investor Line still requires you to have a short password. It explicitly requires, I don't remember the exact number, like, a 6-character password. It cannot be longer. WTF.


Their web app is "screen scraping" a legacy mainframe CICS interface via a virtual 3270 terminal. Almost certainly the case any time you see something like a very short or very limited set of characters permitted in a password.


Oh, it was worse than that at BMO (or still is?). Used to be it could be longer but only the first 6 mattered…

The 6 characters were designed to be mapped to 6 numbers for a telephone banking PIN.

So aA-cC would all be treated the same (and be a 0 for telephone banking), dD-fF would be 1, etc.

So in reality, there were only a million different passwords.

I thought this stopped ~10 years ago. Or did it?
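As an added illustration (not code from BMO or from anyone in this thread), the following models the truncate-then-collapse scheme just described, so you can see how many distinct passwords fold into the same six keypad digits and what that does to the effective strength. The letter groups beyond the two quoted above, and the treatment of digits and punctuation, are assumptions.

```python
"""Model of a legacy password normalisation: keep only the first six
characters and collapse each letter onto a telephone-keypad digit.
Added illustration; the exact mapping is assumed, not BMO's code."""
import math
import string

# Thread's description: aA-cC -> 0, dD-fF -> 1, ... (three letters per digit).
# Assumptions: digits keep their own value; anything else lands in bucket 9.
def keypad_digit(ch: str) -> str:
    if ch.isalpha():
        idx = string.ascii_lowercase.index(ch.lower())
        return str(idx // 3)          # 'a'..'c' -> '0', 'd'..'f' -> '1', ...
    if ch.isdigit():
        return ch
    return "9"                         # assumed bucket for punctuation/space

def normalise(password: str, keep: int = 6) -> str:
    """What the backend effectively compared: at most `keep` keypad digits."""
    return "".join(keypad_digit(c) for c in password[:keep])

def collides(a: str, b: str) -> bool:
    """True when two different passwords are indistinguishable after normalisation."""
    return a != b and normalise(a) == normalise(b)

def effective_keyspace(keep: int = 6) -> int:
    """Every stored secret is `keep` decimal digits, so 10**keep candidates at most."""
    return 10 ** keep

def effective_bits(keep: int = 6) -> float:
    return math.log2(effective_keyspace(keep))

def nominal_bits(length: int = 20, alphabet_size: int = 62) -> float:
    """Strength the user believes a random password of this shape has."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    user_pw = "Correct-Horse-Battery-Staple"
    other_pw = "cORrEc!!!"
    print(normalise(user_pw), normalise(other_pw), collides(user_pw, other_pw))
    print(f"nominal ~{nominal_bits():.0f} bits, effective ~{effective_bits():.1f} bits")
```

The gap between the nominal and effective figures is the point: a 20-character mixed password is reduced to roughly 20 bits of search space, which is why a silent truncation or character-class collapse should be treated as a password-storage bug rather than a UX quirk.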


Very much doubt it, it certainly used to (4 years ago). The old system truncated your password (you used 20 chars, it dropped the last 14) so when the switch happened - suddenly your password didn't work - it was very obvious (unless you used <=6 char passwords).

The communication about the change, and the way the old system worked (without warning or notification), left a lot to be desired.


When you create an application to open an account it still requires you to create a fixed-length short password that you are then supposed to change or something. It was around half a year ago when I encountered this.




