In some cases because their legacy systems can't support long passwords. I know my previous bank was restricted to 6 digits (maybe even just 4). Their solution was to add in those annoying security questions like "What was your first dog's name". Sigh.
I use Diceware for those things, in case I have to use them over the phone. "My dog's name is effervescent mandible egg voldemort; my mother's maiden name is regent utterly busted harpy"
I called Schwab once because a LastPass misstep locked me out of my account. The CSR told me it was great that I was using a password manager and that she wished more people used them.
I guess it keeps her employed ;) But on a more serious note, banks are not as stupid and anti-technology as the average HN reader wants to believe. Their programmers are no doubt here too.
(Now why Schwab limits me to an 8 character password... I don't even want to know. But I do have a _good_ 8 character password ;)
