harvard-lil / perma

Indelible links

Consider increasing minimum password length #3283

Open rebeccacremona opened 1 year ago

rebeccacremona commented 1 year ago

Back when we first launched Perma Payments, we decided to have Perma's password requirements meet the minimum length and alpha-numeric requirements of the PCI standard, even though we judged it was not in fact required on either system (since they do not grant access to cardholder data).

The latest PCI standard, with which we are not yet required to comply, specifies a minimum length of 12 chars.

We could consider increasing our minimum, for internal consistency.