This means that it takes me an additional minute and 500% more brain power to login than I would want (and was expecting to). That minute might not sound a lot (and extra use of the brain), but when you are in the zone and with a good mojo, it can be the difference between an idea being implemented and being lost.
This is what the login (and password) looks like (at least they had the common sense to NOT mask the password):
I would like to see the Threat Model that lead to the decision to use such strong password (specially in a location where that page happens after an http redirect)
What a UX fail, no wonder security as such a bad reputation with devs and users
Update #1: To make it more user friendly they expire the session after 30m!!:
which took me a couple attempts to get right!!! (btw, they also use special chars like the _ )
Update #2: Here is how Starbucks does it (a slightly better interface)