Re: Santander must also not be hashing passwords
"but to log in to Santander from a real computer requires the customer ID, 3 characters from your password (which actually allows strong passwords without stupid restrictive rules), and 3 digits from your 5 digit numeric PIN."
My current account from a 'real' computer requires me to decline installing the trusteer crap (every time because I don't keep cookies), enter a numeric customer ID, and a full numeric PIN on a page which shows a personalised icon and phrase. I seem to have a password which I am never asked and setting up a payment recipient requires more authentication.