Or sites that don't tell you the max number of allowed characters and then quietly truncate the password for you. Then you have to guess how many characters they chopped off and try logging in until you get it right.
This! This is the most infuriating... and the salt in the wound is that some of the offenders are career/employment sites for firms that should have enough tech savvy employees to code a form that does client-side verification and clearly indicate password criteria to the user.