Comment by aurelian15

When I asked, I got the answer that I could chose an arbitrary 16 character long user name, that the password may contain special characters, that the number of allowed failures for logging in is limited and that any actual money transfers are protected by a TAN. So it may not be that bad, given that the PIN for my EC card has only four numbers.

Still, I agree that this scheme is somewhat odd and no limitation on the password length would be preferable.