My bank's password used to have to be exactly 6 characters, no special characters and you could use numbers and letters interchangeably because it was also your phone banking password.

[–] hushable@lemmy.world 43 points 1 month ago* (last edited 1 month ago) (1 children)

a previous bank used to have a max password length of 8 characters, then proudly announced that they will increase it to 32

Then I made a typo at the end of my password and it let me in anyway, and I realised they were just trimming the first 8 characters to give the illusion of security

[–] Wizard_Pope@lemmy.world 15 points 1 month ago (1 children)

That is so insane. To think they would rather just clip the passwords instead of habing it be longer.

Did you try out your hypothesis by using the first 8 letters than just random junk until you hit your password length?

[–] hushable@lemmy.world 16 points 1 month ago (2 children)

I tried then first N characters of my password until I found out the threshold was at 8, then I tried with the first 8 chartacters of my password and then random junk and it worked.

I also had two friends in the same bank to validate

[–] Wizard_Pope@lemmy.world 12 points 1 month ago

Unbelievable.

[–] Pandantic@midwest.social 4 points 1 month ago

And I’m honestly surprised they let you do that many password tries. I would seriously consider changing banks.