Finally a fresh idea about password policies. I really can't understand why in 2014 there are still companies (including banks) forcing a maximum length for passwords.
Stanford University network engineers have unveiled a refreshingly enlightened password policy. By allowing extremely long passcodes and relaxing character complexity requirements as length increases, the new standards may make it easier to choose passwords that resist the most common types of cracking attacks.
via Stanford's password policy shuns one-size-fits-all security | Ars Technica.