For bank and brokerage and other financial accounts, MPG strongly advises using a long and complex password .
The stupefying situation is that some financial institutions places strict limits on password quality.
Between myself and a family member, I have to manage many separate financial accounts (i.e. accounts with real money at stake, easily taken if the account is compromised). The restrictions preventing strong passwords across them runs from mildly-frastrating to serious risks, such as your example with Schwab.
I’ve been asking reporters, such as those at Ars Technica who follow this stuff, to compile a list of password restrictions from all the top financial institutions and publishing them as a ‘name and shame’ piece to spur better practices. Unfortunately, no one has taken this on that I’m aware of. It seems like the sort of thing that would be an instant hit among the security conscious, but alas that seems to be an all-too-small audience.
This is like watching a chain-smoker puffing away right after having a lung removed. The problem is obvious, but denial is a tough thing to overcome.
MPG: seems like a good article for the Wall Street Journal.