Reply to post: Wouldn't know about MS, but banks...

'Cuddly' German chat app slacking on hashing given a good whacking under GDPR: €20k fine

Adam Azarchs

Wouldn't know about MS, but banks...

HSBC at least I'm certain is storing my password in plain text.

How do I know? Each time I log in they choose a random subset of characters from my password which they want me to enter. I'm not clear on what the point of this process is (making password managers harder to use would be my guess, because their IT security staff apparently live in backwards-land) but unless they've stored a hashes for every possible combination of 4-character subsamples of my password (which wouldn't be a whole lot better, mathematically) then they're storing it plain-text.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021