I'm kind of confused here - I tried to log in to my Ally account to pay my car payment and was informed that their passwords don't accept symbols and that I need to reset my password. 

This was a surprise; I can't find any sort of email or other notification about this change. And it was sort of a hassle because I don't keep my VIN or account number handy. 

But more importantly, doesn't removing symbols and non-alphanumeric characters from passwords make them easier to guess and therefore less secure? Why would a financial institution change their password policy in this way?

Sure having a complicated password won't help if #Anonymous releases your password for #LULZ but it is still better than password123, right?

I'm fairly technical but I'm at a loss here. I'm hoping some of my more paranoid and tech-savy friends might be able to let me know what I'm missing here.