2009 ?????
8 character passwords were obsolete in 1989 ....
As an aside, has anyone else encountered that wonder of design: the website that doesn't know the rules for the database ?
There has been more than one "professional" website I have come across where the database fields allows [x] characters. But the login page only allows [y] where [y]<[x].
You'd think that the account creation or change password pages would be the same .... only they're not.
Result. No one with a password > [y] can log in .