by aftoprokrustes 897 days ago
This is I think a much bigger issue, and pretty much impossible to understand for most users: the fact that the frontend happily accepted your name/e-mail/whatever is _not_ a proof that it can handle it. I tried to use Gmail's feature that you own all addresses of the form my.name+whatever@gmail.com when registering to services, but it silently failed so often that I do not even bother trying anymore.

A mere email... I had a situation with a bank when their website accepted a new password but the backend implicitly and without feedback trimmed the new password to 10 characters.
PayPal did this with 20 characters. I can't even remember how I figured it out so I could log in.

I don't know if it truncated it automatically or it just stopped accepting input after 20 characters and I of course did not notice since the password entry fields were masked.

Their password reset form didn’t have the restriction, so you could reset your password to 21 chars, and then never log in again.
HSBC had this problem. Not sure if it still does, but it's a big enough institution that I feel it deserves being called out.
Permanent TSB in Ireland did the same until like 2020.
I had this problem with Transunion (a credit reporting agency in the US). They shortened my password to 15 characters, didn't tell me or anything, I had to figure it out myself when trying to log in.
Same, on multiple sites. It is obnoxious as heck.
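
The reset-versus-login mismatch described in the thread, reproduced as an added example (not written by any commenter and not the code of any company named above). `MAX_LEN`, both class names and the PBKDF2 parameters are constructed assumptions; the second class shows the fix of routing every path through one validator that rejects over-length input instead of trimming it.

```python
import hashlib
import hmac
import os

MAX_LEN = 20  # constructed limit, mirroring the 20-character anecdote


def _hash(password: str, salt: bytes) -> bytes:
    # PBKDF2 parameters are illustrative, not a tuning recommendation.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


class InconsistentStore:
    """Reset path stores the full password; login path silently trims input."""

    def __init__(self) -> None:
        self.salt = os.urandom(16)
        self.digest = b""

    def reset(self, password: str) -> None:
        self.digest = _hash(password, self.salt)  # no length limit here

    def login(self, password: str) -> bool:
        trimmed = password[:MAX_LEN]  # silent truncation, no feedback
        return hmac.compare_digest(self.digest, _hash(trimmed, self.salt))


class ConsistentStore:
    """Reset and login share one validator that rejects instead of trimming."""

    def __init__(self) -> None:
        self.salt = os.urandom(16)
        self.digest = b""

    @staticmethod
    def _validate(password: str) -> str:
        if len(password) > MAX_LEN:
            raise ValueError(f"password longer than {MAX_LEN} characters")
        return password

    def reset(self, password: str) -> None:
        self.digest = _hash(self._validate(password), self.salt)

    def login(self, password: str) -> bool:
        try:
            candidate = self._validate(password)
        except ValueError:
            return False  # over-length input can never match a stored password
        return hmac.compare_digest(self.digest, _hash(candidate, self.salt))
```

With `InconsistentStore`, a 21-character password set through `reset` can never be used to log in, neither in full nor cut to 20 characters; `ConsistentStore` refuses it at reset time, so the user finds out immediately.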