[zo1]

Or 10, which is the maximum password length my bank requires in order to log in to my bank account.

Oh, but they have a 4-digit pin, too! That makes it oh so much more secure.

[nommm-nommm]

My old bank required an exactly 5 character password.

They had two factor authentication though, with a phone call or SMS. What happened if you forgot your password? Well you had to reset it, using only phone call/SMS, of course!

[vacri]

Banks are more willing to eat the fraud costs involved with real-world compromised PIN codes than to deal with the customer support for forgetful users.