You might think that, by now, most critical Web applications would have figured out password security. You know -- requiring strong passwords, not storing those passwords as plain text, that kind of thing. Unfortunately, you'd be wrong. Take this example, copied from a financial services company customer portal: The password may not contain any of the following characters: ", ~,!, @, #, $, %, ^, &, *, (,), +, =, \, |, {, }, [,], <, >, ?, blank or tab.
