I love my bank credit union, I really do. Today they launched a new security initiative to improve security and combat phishing, by requiring all users to create a personal message and select an image from their library.

You enter your username and password in two steps now, and if you don’t see your message and image on the password screen, you know you’re not on the right site, so you don’t enter it.

So far so good. Except as part of their “enhancements,” passwords longer than six characters long stopped working. Needless to say, their customer service lines have been busy all morning, and if you do manage to get through, hold times exceed half an hour.

Nice way to reward the customers of yours who actually did what the security-conscious were supposed to from the start and had longer (more secure) passwords, isn’t it?