Another site with odd password policies, redbox.com. Requiring a minimum password length is a good idea, though you could argue that six is too small. But why limit the maximum password length to 12 characters? Any site that has a maximum password restriction below 50 characters has me wondering how exactly they are managing password storage and security.