There's no technical reason why a competently-programmed website can't handle passwords of any length, containing virtually any combination of characters, however squiggly.
But that's not the case on the website of insurance company Direct Line if you try to create an account.
They don't want you to use anything other than 'a'..'z', 'A'..'Z', '0'..'9'. Furthermore, it's tough luck if you want your password to be more than 10 characters.
That doesn't sound like good security practice to me. That sounds like Direct Line's programmers are either lazy or don't know what they're playing at.
Direct Line is far from the only company which is guilty of putting such daft restrictions on its customers. But that's no excuse.
Hat-tip: Thanks to @LargeGrowlyBear for pointing out Direct Line's lousy password requirements to me.