this is back in 2008 – 2009, i started a account with religare trading account, i am not sure how they are performing now, below blog post is about my experience with them in above specified period.
they have this highly secured access method, if i remember correctly, to login i need to provide two passwords along with very ‘unique’ username, and i have to reset my password every two weeks, and whenever you change password you cannot reuse the same password used in any of that two passwords for last 3 times, also password should contain at least special character, caps alphabet and small letter and a number, i am not a creative person for passwords, and with this much restrictions, i nearly have to act like a password generator myself. With all these pain, i end up writing down my passwords. One fine day i gave the service once for all. I still get emails from religare once in a while to checkout all new improvised platform, i never feel confident with them…
It is good to impose tight security, but in the name of security dont impose something unrealistic, for a user your website is just another service he uses, his life is not dedicated for your service.
i wish these password mechanisms are simple for end users.