The problem with really awful password interfaces lies mainly with big institutions (banks!) who are unlikely to be influenced by bloggers linked on hacker news.
Ever since switching to a password manager (1Password in my case) I've become acutely aware of how many places have ridiculous restrictions on passwords (especially maximum lengths and character restrictions), and the worst offenders are invariably banks and financial sector sites.
It seems like the more secure you need your data to be, the worse their password restrictions are. Restrictions such as no special characters, or an arbitrary short length raises a red flag. It says they don't really know what they are doing, and it makes me wonder what else is broken.
And no SQL keywords allowed in passwords. Because they like to advertise that they don't bother escaping user input before concatenating sql strings to store plain text passwords in the database.
The PHP manual pages are full of user comments with helpful suggestions just like that, which incompetent programmers copy and paste into production systems. But I think of it as a good thing, an instance of evolution in action, because banks that hire such stupid programmers deserve to have all their money stolen from them.
Ever since switching to a password manager (1Password in my case) I've become acutely aware of how many places have ridiculous restrictions on passwords (especially maximum lengths and character restrictions), and the worst offenders are invariably banks and financial sector sites.