Password creation problems

I have a client who spent about 3 hours trying to create a Webroot account. I recommended that he move from Nod32 to Webroot and that it was important to get a webroot account. This also entailed two calls to tech support. This was this afternoon - Sep 18. Perhaps you had server issues, but this is what he reported. I have trained him to first enter passwords into Keepass password safe before putting anything into a website. Then always use the copy commands in keepass to copy from the password safe to the site. This way there cannot be any mistyping or even getting an extra space in a copy and paste.



To begin with he setup his account and was sent a verification email. When he entered his 2 characters from his security code he was told they were not valid. He tried various options finally attempting to reset. He couldn't reset because he was told he hadn't completed the setup. He tried resetting the password. That failed. The techs at webroot were baffled but managed to get everything back to working with a new password, and security code. However, when he went to login, it failed again. Another call to tech support got it working but only with a short <= 20 character password, without symbols, but apparently at least 3 numerals. The tech said that passwords couldn't be over 20 characters and couldn't have < or > signs.



My password is 29 characters and many symbols.



So 2 questions:

1. Any idea what went wrong so other clients don't get frustrated with a ridiculous process and give up on getting a webroot account?
   
2. What exactly specifically are the rules for passwords and are you sure the same rules apply to
   

• reset a password
  
• creating a password originally
  
• entering a password normally
  

This may sound stupid, but I've run into more than one site that had different rules for resetting or creating passwords than for checking them, so a password could be accepted on reset, but then not accepted when used to login.