Comment by tonyedgecombe
9 days ago
My bank’s password field is case insensitive. Of course they could have lowercased it before hashing but I doubt it.
9 days ago
My bank’s password field is case insensitive. Of course they could have lowercased it before hashing but I doubt it.
That's scary. I wonder if incompetence like that could lead to a lawsuit in the case of a breach.
At this point I wouldn't be surprised if there exists a system that just asks for username with a checkbox "check here if you are the owner of this account"