by Haegin 1249 days ago
A bank I used until about 2018 (no idea if they've fixed this yet - I left) had an exactly 6 character password, and when you used telephone banking it just needed the 6 digits that corresponded to that word. Those 6 numbers also worked online, so at best they were turning all passwords into numbers before hashing them, ensuring there are fewer than 900000 different possible passwords, which was trivially easy to brute force in 2015, never mind today.
1 comment

Brute-forcing should not work, as the attempts are either throttled or lock the account. Provided that those are in place, that is; otherwise the account is wide open.

This is what happens with the 4 digits of a CC PIN and the 3 attempts before the card switches into PUK mode.
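A worked calculation of both comments' points, added here as an example and not written by either commenter: it shows how a phone-keypad mapping collapses six letters into at most 8^6 digit strings, and how an attempt limit caps what an online guesser can cover. The keypad letter groups are the standard ITU E.161 layout; the lockout parameters (3 attempts, one-hour lock) are assumed values for illustration.

```python
"""Keyspace collapse from keypad mapping, and the effect of a lockout policy."""

KEYPAD = {  # ITU E.161 letter groups; keys 0 and 1 carry no letters
    "2": "ABC", "3": "DEF", "4": "GHI", "5": "JKL",
    "6": "MNO", "7": "PQRS", "8": "TUV", "9": "WXYZ",
}
LETTER_TO_DIGIT = {c: d for d, letters in KEYPAD.items() for c in letters}


def keypad_digits(password: str) -> str:
    """Digit string a telephone keypad would send for this password.
    Letters collapse onto 8 keys, digits pass through, anything else is rejected."""
    out = []
    for ch in password.upper():
        if ch.isdigit():
            out.append(ch)
        elif ch in LETTER_TO_DIGIT:
            out.append(LETTER_TO_DIGIT[ch])
        else:
            raise ValueError(f"character {ch!r} has no keypad digit")
    return "".join(out)


def preimage_count(digits: str) -> int:
    """Number of all-letter passwords that map to this digit string
    (product of the letter-group sizes; a 0 or 1 has no letter preimage)."""
    n = 1
    for d in digits:
        n *= len(KEYPAD.get(d, ""))
    return n


def keyspace(length: int, alphabet: int) -> int:
    """Distinct strings of the given length over an alphabet of that size."""
    return alphabet ** length


def guesses_allowed(window_s: int, max_attempts: int, lockout_s: int) -> int:
    """Online guesses possible within window_s when max_attempts failures
    lock the account for lockout_s (assumed policy: one burst per lock period)."""
    return max_attempts * (window_s // lockout_s)


if __name__ == "__main__":
    letters6, digits6 = keyspace(6, 26), keyspace(6, 8)
    print(f"{letters6:,} six-letter passwords -> {digits6:,} keypad strings")
    d = keypad_digits("secret")  # constructed sample password
    print(f"'secret' -> {d}; {preimage_count(d):,} letter spellings share it")
    g = guesses_allowed(86400, 3, 3600)
    print(f"3 tries, then a 1h lock: {g} guesses/day = {g / digits6:.4%} of keyspace")
```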