538
NIST proposes barring some of the most nonsensical password rules
(arstechnica.com)
This is a most excellent place for technology news and articles.
Years back, I had that happen on PayPal of all websites. Their account creation and reset pages silently and automatically truncated my password to 16 chars or something before hashing, but the actual login page didn't, so the password didn't work at all unless I backspaced it to the character limit. I forgot how I even found that out but it was a very frustrating few hours.