I don’t think it was a wise decision to set the character limit for passwords down to 16 characters. Are they worried about the hard-disk space? ..or the speed of processing login requests? How much difference would it make if my password was 30 characters? Are they not keeping hashed (e.g. MD5, SHA-1, SHA-2) versions of passwords.
Anyway, I was surprised!