Comment by tuetuopay
1 day ago
That's without considering a lot of banks have non-textual inputs for their passwords. Man they love their scrambled virtual keyboard!
I think the worst I ever had was HSBC that asked me for fragments of my password, like characters 4, 6, 7, 11, and 12. Absolutely bonkers security theatre.
Oh I've never seen anything like that. But it would still help because my password manager pops up matching logins so you could just open that manually and then copy paste parts of it or type it in.
Definitely. If bitwarden does not show a little "1" icon I'm basically lolnope'ing out.
Still, it pains me to see that practices from the early keylogger era are still "good practices".
Had a similar UK bank experience. Without knowing it would be used for that, I had created a password that had digits. So "What's the 4th character" would be something like "6," "What's the 6th digit" would be "2," like an Abbott and Costello routine.
How can they even do that without storing plaintext passwords?
It's a bank, and a rather old one at that. I fully expect them to store the password in cleartext. (hence the security theatre qualification)
Banks are notorious for taking security as a strict cost/savings measure. I would not be surprised if they enforce weak passwords stored in cleartext on purpose to save on support agents for the people that forget/lose their password. Imagine the customer service reviews: "they were able to find my password back, 5/5". Probably enough savings to offset the cost of refunding people that got their account pwnd. Cost of doing business.
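The question above ("how can they even do that without storing plaintext passwords?") has a technical answer worth seeing in code. The following is an added example, not code from the thread or from any bank: a hypothetical partial-password scheme that stores one salted hash per character position so the server can check "characters 4, 6, 7, 11 and 12" without keeping the password itself. The `recover` function then shows why this is barely better than cleartext: an attacker holding the database row only needs about 95 hash computations per position, whatever salt or hash function is used. Names (`enrol`, `verify`, `recover`, `ALPHABET`) and the sample password are all constructed for the example.

```python
import hashlib
import hmac
import os
import string
from typing import Dict, List, Optional, Tuple

# Assumption: passwords are drawn from printable ASCII plus space (95 symbols).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def enrol(password: str, salt: Optional[bytes] = None) -> Dict[str, object]:
    """Store a per-position salted hash instead of the password.

    Hypothetical scheme built for this example to illustrate how a
    "give me characters 4, 6 and 7" check could avoid cleartext storage.
    """
    salt = salt or os.urandom(16)
    per_char = [
        hashlib.sha256(salt + bytes([i]) + ch.encode()).hexdigest()
        for i, ch in enumerate(password)  # position is mixed in so equal chars differ
    ]
    return {"salt": salt, "length": len(password), "per_char": per_char}


def verify(record: Dict[str, object], positions: List[int], answers: str) -> bool:
    """Check the supplied characters against the requested 1-based positions."""
    if len(positions) != len(answers):
        return False
    ok = True
    for pos, ch in zip(positions, answers):
        idx = pos - 1
        if not 0 <= idx < record["length"]:
            return False  # out-of-range position: reject instead of crashing
        expected = record["per_char"][idx]
        got = hashlib.sha256(record["salt"] + bytes([idx]) + ch.encode()).hexdigest()
        ok &= hmac.compare_digest(expected, got)  # constant-time compare per position
    return ok


def recover(record: Dict[str, object]) -> Tuple[str, int]:
    """What an attacker with a database dump does with the same record.

    Each position has at most len(ALPHABET) candidates, so the whole password
    falls in length * len(ALPHABET) hashes; salting and a slow hash only
    change the constant factor, not the tiny search space per position.
    """
    recovered = []
    tries = 0
    for idx, expected in enumerate(record["per_char"]):
        for ch in ALPHABET:
            tries += 1
            got = hashlib.sha256(record["salt"] + bytes([idx]) + ch.encode()).hexdigest()
            if got == expected:
                recovered.append(ch)
                break
        else:
            recovered.append("?")  # character outside ALPHABET, not recovered
    return "".join(recovered), tries


if __name__ == "__main__":
    # Constructed sample password for the demonstration.
    rec = enrol("correct horse 42!")
    print("challenge 4,6,7,11,12 ->", verify(rec, [4, 6, 7, 11, 12], "rctrs"))
    pw, tries = recover(rec)
    print(f"recovered {pw!r} after {tries} hashes")
```

The takeaway for a practitioner: a partial-password check forces the server to verify each character independently, and the entropy of a single character is about 6.6 bits, so any per-position storage format is plaintext-equivalent against an offline attacker. The only alternative is storing hashes of every challenge subset, which the page's 5-of-12 example already makes combinatorially expensive.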