Off-by-one bug caused the comparison of only the first 3 chars of the proposed password against "QWE", "ASD", and "!@#" rather than the 4 character pattern match as intended.

These lines should be removed anyway since this can be easily achieved via password.can (as intended), but I couldn't help myself but to fix this ancient bug.