I have run across several financial sites where passwords of any length are accepted but only the first 8 characters are significant.
What you describe here
is password truncation, another topic discussed in the MacInTouch link I gave above. The problem with password truncation is that there are sites whose verification systems don't truncate passwords upon return like they did when the password was originally entered. That means that your original password may be denied without you knowing why, in this case because it's 'too long'. You'd have to guess it was truncated, and by how many characters.
