[Still true as of July 2013] Schwab.com limits passwords to between 6 and 8 letters or numbers. It does not allow longer passwords nor does it allow special characters, such as “!” or “$” or “%”. Limiting the selection of characters and the length greatly increases the chances that someone could hack into accounts at schwab.com.
Perhaps the management isn’t aware of the vulnerabilities this causes. As a Schwab client since around 1994, I have been concerned about this for years and with all the issues for large banks and financial institutions over the past few months. Unfortunately Schwab still has not addressed it.
Feb 2013 update: Schwab has not addressed this except to recommend two factor authentication, if requested. However, if you do not have your token generator, it becomes much more inconvenient to access Schwab. An 8 character password with only alphanumeric characters is practically negligent on Schwab’s part for any year after 1995. For Schwab’s two factor authentication, the SchwabSafe Page has more information or call Schwab at 800-435-4000.
http://www.schwab.com/public/schwab/nn/legal_compliance/schwabsafe/your_questions_answered
“What format should my Schwab.com password take?
Your Schwab.com password should be a random combination of six to eight numbers and letters, with at least one number included between the first and last character. It should not be a significant sequence like your Social Security Number or birth date. ”