DEERS/RAPIDS (the DOD contractor/employee ID system, among other things) has the best restrictions EVER: Passwords must be exactly 14 characters - no more, no less.

Passwords must contain 2 of each character type:

Caps alpha, lower alpha, symbol, number

Symbols can only be a handful, rather than anything goes.

I can beat that. For a while my timesheet software at work let us reset our passwords to something containing special characters, but sanitized the password field of the login to remove those special characters.

Schwab.com has the exact same policy.