Hacker News
by eftpotrm 5467 days ago
Not necessarily, they could in theory be entering your password into their computer and seeing if it matches the hash, exactly as if you logged in. But, if they're asking for you to read your password to their call centre down the phone, I'd be surprised if they were that savvy.

I'm not sure it follows that reading the password down the phone is a bad idea ... unless you are calling because you have forgotten it!

My bank has a separate passphrase that I have to use on the phone and I call them rarely enough that remembering it is always a challenge. Asking for my mother's maiden name can hardly be considered secret anymore, and remembering the answers to other security questions is a pain: what did I claim was my favourite movie a year ago?

If I've called them I don't really have a problem reading my password to them. If I don't trust the call center staff I can always change it afterwards.

If you're reading it down the phone then you're revealing your login secret to an insecure third party and potentially providing them with the means to log in as you.