Why restrict the length of a password?
Lately I've noticed a lot of online applications that have odd password requirements. For instance, I recently opened up an account at Chase Bank and had to choose a password for online banking. The password had to be between 6 and 8 characters and strictly alphanumeric. No carets, ampersands, stars, or anything else like that. My CapitalOne credit card's online banking password is similar. The password can't have any special characters, and it had to be between something like 8 and 10 characters. An eleven character password would be invalid.
Even the popular web host Webfaction (which appears by all means to be run by fairly competent people) has a requirement that passwords can't have certain characters. (For proof, watch one of their screencasts where a dev has to choose another password because "example.com" was rejected based on it having a period.)
So far in my web developing "career", I've always just let the user use whatever password they want, as long as it's bigger than 5 or so characters. The password always gets run through some kind of hash algorithm anyways. So it doesn't matter if it's a 300-character password or a 5-character password, it's always going to be worked with internally as a 32|64|128-character hash.
The question I'm asking here is: what is the basis for limiting passwords like this? Why would it even matter? Is there something I should know here? I can understand limiting a password to at least so many characters, but why impose an upper limit? Additionally, I can understand forcing the use of special characters for a stronger password, but what purpose does restricting their use serve?
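The storage scheme the question describes, sketched as an added example that is not part of the original post: a salted password hash whose stored record has the same size for a 5-character password, a 300-character one, or one with special characters. The choice of PBKDF2-HMAC-SHA256, the record format, the iteration count and the function names are assumptions made for this example.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 200_000  # assumed work factor for this example; tune for your hardware
SALT_BYTES = 16
DIGEST_BYTES = 32     # SHA-256 output size


def _derive(password: str, salt: bytes, iterations: int) -> bytes:
    # Normalize so the same visible password entered on different systems
    # yields the same bytes, then encode as UTF-8: any character is acceptable.
    data = unicodedata.normalize("NFKC", password).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, iterations, dklen=DIGEST_BYTES)


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a storable record: iterations$salt_hex$digest_hex."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = _derive(password, salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the digest from the stored salt and compare in constant time."""
    iterations_s, salt_hex, digest_hex = record.split("$")
    candidate = _derive(password, bytes.fromhex(salt_hex), int(iterations_s))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


if __name__ == "__main__":
    # Constructed sample passwords: short, dotted, symbol-heavy, very long.
    samples = ["abcde", "example.com", "p^ss&w*rd!", "x" * 300]
    for pw in samples:
        rec = hash_password(pw)
        # Input length varies; stored record length does not.
        print(len(pw), len(rec), verify_password(pw, rec))
```

Because only the salt and digest are stored, the database column width is fixed by the hash parameters rather than by anything the user types.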