[int_19h]

It's not just banks - there's a lot cargo culting around passwords in general, and it often manifests as long and pointless lists of requirements, that often make things worse rather than better.

One recent example I had was with an online account that demanded a password reset. One of the requirements was "no two consecutive or three sequential characters". I'm still not quite sure what exactly it means, but it was tripped by any sequence of characters like "ab" or "21", and as a result, my generated 16-character password with no meaningful words in it was not accepted.

You know what passed the filters though? "secret_1".