Just a quick rant, and maybe this will effect someones decision today, when designing around a password. This site is limiting my password to be between 6 and 10 characters, with no spaces, and no special characters. This is a Yahoo! / Overture site, used for Search Marketing, where I've given them my credit card information. You'd think Yahoo would know better. Then I thought, maybe they don't, and maybe others don't either.
After reading advice from G Andrew Duthie last year, I'm in the habit now of using pass phrases. These tend to be 20-30 characters in length, and very very hard to decode/guess, as well as very easy to remember. Pass Phrases are GREAT! Everyone should use them.
Sites designed with limited password lengths are simply a bad security design. Please allow for at long passwords in your database design.