HCP Login contravenes NIST requirements

HCP login requires numbers and special characters. This contravenes NIST’s Digital Identity Guidelines (800-63B), which in section 5.1.1.2, “Memorized Secret Verifiers”, discusses the norms on password requirements:

Verifiers SHOULD NOT impose other composition rules (e.g., requiring mixtures of different character types or prohibiting consecutively repeated characters) for memorized secrets.

I’m not sure if there’s a better place to submit this issue.

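An added example, not part of the original post and not HCP's code: a composition-rule check of the kind the post describes, next to a check in the style of SP 800-63B section 5.1.1.2 (length in code points, NFKC normalization, comparison against a list of commonly used values). The function names, the `MAX_LEN` cap and the tiny blocklist are assumptions made for illustration.

```python
import unicodedata

MIN_LEN = 8     # 800-63B 5.1.1.2: user-chosen secrets are at least 8 characters
MAX_LEN = 128   # assumed cap for this example; any cap must allow at least 64

# Constructed stand-in for a real corpus of common or breached passwords.
BLOCKLIST = {"password", "password1!", "12345678", "qwertyuiop"}


def composition_policy(pw):
    """Rule set of the kind the post describes: require a number and a special character."""
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if not any(c.isdigit() for c in pw):
        problems.append("needs a number")
    if not any(not c.isalnum() for c in pw):
        problems.append("needs a special character")
    return problems


def nist_style_policy(pw, blocklist=BLOCKLIST):
    """No character-class rules: check length and a blocklist only."""
    # Normalize first so visually identical Unicode input compares equal,
    # then count length in code points.
    pw = unicodedata.normalize("NFKC", pw)
    problems = []
    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        problems.append(f"longer than {MAX_LEN} characters")
    if pw.casefold() in blocklist:
        problems.append("commonly used password")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["correct horse battery staple", "Password1!", "short"]:
        print(repr(candidate))
        print("  composition rules:", composition_policy(candidate) or "accepted")
        print("  800-63B style:    ", nist_style_policy(candidate) or "accepted")
```

The composition rules reject the long passphrase for lacking a number while accepting `Password1!`; the length-plus-blocklist check does the opposite.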