My bank requires your password to contain NO vowels. I always forget when I update the password (forced to every 3 months) and the error never mentions it.
I'm struggling to think why this would be a thing. The only guess I have is someone was told to enforce "no dictionary words in a password" and saw that as an 'easier' way to implement?
One one hand it reduces the total # of characters needed to brute force which is bad. On the other hand, like you said, it makes it so dictionary attacks are weaker - which is good
Although I think you could just get a regular dictionary, remove the vowels, and it would probably work just fine