by solatic 2663 days ago
For what it's worth, such password schemes usually include lockouts after small-N tries to prevent the passwords from being brute-forced from the outside, and an attacker with database-level access is probably going to use it not to compromise passwords but to directly change balances.

Not to excuse such password schemes - they're horrible, and banks need to get with the times - but if they were really so ineffective, their coffers would have been drained long ago.


Full write access to a database is a totally different thing than reading out the plaintext passwords or getting a leaked dump of the data. Perhaps a mishandled backup.
Which is one of the reasons why these schemes are horrible. But the point remains that banks are afraid of database leaks for other reasons.

Maybe think of it like this: imagine that you have an air-gapped system where all the endpoints are running Windows XP (the reasoning being something like hardware drivers that were written by defunct companies and can't / won't be upgraded). Is it horrible that such machines are running unsupported, EOL versions of Windows? No question. But if there are other controls in place (like air-gapping, like 24/7 physical access control to the endpoints), it might still be possible to provide de facto effective security.