[aclarry]

Even better if it just says "your password does not fit our requirements" :)

I was signing up for a bank account and had to make a password for my online account in the branch. Turns out my 16-character randomly generated password made the system unhappy. Tried 6 more times with newly generated passwords (character-only, alphanumeric only, alphanumeric and "#" or "$" only) and it just said the password was not acceptable. So in the end I used my probably ~15 bits of entropy super easy to crack password from when I was 10, with a few randomly generated characters on the end (because more than a few would make the system complain again).

The pervasiveness of poor UI and security design baffles me. You would've thought that one of the largest banks in the world would have a little more competency but nope.