I find this astounding. I was just working on a workflow that deals with setting passwords, and we try to make passwords more complex, requiring special characters and a certain length. These guys (Fidelity, to be exact!) are moving backwards in time, restricting your password to only certain special characters and not others.
I see absolutely no good reason for this. If they are concerned with a sql injection attack, they need to solve that internally without sacrificing user experience.
Actually, after clicking through some of the other workflows on fidelity website, I couldn’t even click a “continue” button, and there was no error. Inspector said there is a 500 code response from the backend. Therefore I give Fidelity’s technical team a low rating of 2/5: not trustworthy. I understand that technology is hard, but also they have money to hire people, and they should really get on top of their own tech stack.