• Your password is case sensitive.
• Your password must be between 8 and 20 characters.
• You can use letters, numbers, dots [.] or dashes [-].
• Your password must contain at least one letter and one number.
• If there is only one number, it must not be at the beginning or the end of your password.
• You must not have more than two of the same characters in a row.
• Your password must be different from your user name.
So, in other words, a couple of passwords I have used elsewhere, and *are secure* cannot be used here, since they only allow dots and dashes, rather than a sensible ASCII character set...
Who the fuck are the idiots who set this up? There are going to be people all over the nation writing down their internet banking passwords because of utterly stupid policies like this. Make the passwords have one of a letter, a number and a symbol, be >= 6 characters (8 ideally) and run it against a dictionary when set, to avoid dictionary words from stupid people. That's a fairly basic UNIX like password policy, and one which isn't totally fucking stupid.
Suffice to say, I am about to pay off the card, and cancel it. Bastards.