This page is dedicated to all those companies that have weak password policies. Enforcing an upper password length limit implies that a company is storing the password and not a secure representation of the password. Storing a salted, hash of a password should be the norm, not forcing an upper limit of length.
Note that if Two Factor Authentication is available then this mitigates the security risk but does not exonerate against bad password management systems.
You can submit a website for inclusion on this page via the form at the bottom of the page.