[_delirium]

The services/apps are often hostile to it, in my experience. For a while I had a mental password-generation scheme that involved commas, and about 50% of websites would reject my password for having an illegal character, sometimes explicitly, other times just breaking in weird ways. After one site let me set my password to one involving a special character, but wouldn't let me enter that same password on the login form, I became wary of using special characters in passwords. (The site was a bank, not some random forum.)

[mkjones]

Nah, they have a great reason - if they restrict you to alphanumeric characters, it's easier to prevent XSS when they display your password back to you later on in the flow :-).

[falcolas]

My favorite is when I pick a 20 character password (keypass, ahoy!), and register using that. Works great, until I try and log in, whereupon I realize they silently cut off n characters from the end of the password when saving it on the backend.

Heck, at one place, n was 12. Go figure.