Just so I understand this...
The bank doesn't care *which* three characters - in other words, they aren't asking you to match three characters against a 'picture' composite of the three characters they are asking for, or something like that? Just any three characters?
That's a new one on me...
They probably also don't allow non alpha-numeric characters in their passwords. Most of the online banks are a joke... they implement bizarre login processes like this, but don't allow you to use strong passwords.
Anyway, as to the question...
I think the simplest solution by far is to simply recommend to Dominic to just delete all but three characters after the password has been populated, then click 'Submit'. If the password check really doesn't care which characters, this should work fine - at least, it would be *much* easier than writing code to handle this, but, since you asked...
Sure, I can think of a way to do it, as I'm sure can you - just add an option 'Limit Length of INPUT Password to: ' next to the 'Password Length' field, with a sub-option 'Randomize' - but obviously its not worth the effort, unless this becomes common practice.