AOL’s stupidity

This is about the dumbest thing I’ve ever heard of (well, not quite). I can’t believe a big company like AOL would actually do something this dumb:
http://blog.washingtonpost.com/securityfix/2007/05/aols_password_puzzler.html

Basically, for some users (apparently those who started out as old-school AOL think-client users), all passwords are truncated to 8 characters, made case-insensitive, and stripped of any special characters, thus making ‘password123’ the same as ‘password%a93#$’.
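To see how much this costs in practice, here is a small model of the normalization described above. It is an added example, not code from the post or from AOL. It assumes "special characters" means anything outside a-z and 0-9, and since the post does not say whether stripping happens before or after truncation, it models both orders; the function names are hypothetical.

```python
import math
import string

# Assumption: "special characters" = anything that is not a-z or 0-9 after case folding.
ALNUM = set(string.ascii_lowercase + string.digits)


def legacy_normalize(password, max_len=8, strip_first=False):
    """Model of the described behaviour: fold case, strip specials, cut to max_len.

    strip_first selects the order of the strip and truncate steps, which the
    post does not specify.
    """
    folded = password.lower()
    if strip_first:
        return "".join(c for c in folded if c in ALNUM)[:max_len]
    return "".join(c for c in folded[:max_len] if c in ALNUM)


def collides(a, b, **kw):
    """True if two different-looking passwords are accepted as the same one."""
    return legacy_normalize(a, **kw) == legacy_normalize(b, **kw)


def keyspace_bits(alphabet_size, length):
    """Bits of search space for a uniformly random password of fixed length."""
    return length * math.log2(alphabet_size)


def effective_bits(max_len=8):
    """Bits of search space after normalization: 36 symbols, length 1..max_len."""
    return math.log2(sum(36 ** n for n in range(1, max_len + 1)))


if __name__ == "__main__":
    # Constructed sample inputs; the first pair is the one quoted in the post.
    pairs = [("password123", "password%a93#$"), ("Tr0ub4dor&3", "tr0ub4do")]
    for a, b in pairs:
        print(a, b, collides(a, b), collides(a, b, strip_first=True))
    print("12 random printable chars: %.1f bits" % keyspace_bits(95, 12))
    print("after normalization:       %.1f bits" % effective_bits())
```

A user who picks a 12-character password from the full printable ASCII set is effectively protected by a little over 41 bits of search space instead of almost 79, whichever order the two steps run in.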
