"TalkTalk will also NEVER
Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security."
AFAIK, you can't verify two randomly selected characters to a hashed password. My bank is also guilty of this.
Edit: direct evidence from TalkTalk: https://twitter.com/TalkTalkCare/status/514417284560191488?r...
"TalkTalk will also NEVER
Send you emails asking you to provide your full password. We will only ever ask for two digits from it to protect your security."
AFAIK, you can't verify two randomly selected characters to a hashed password. My bank is also guilty of this.
Edit: direct evidence from TalkTalk: https://twitter.com/TalkTalkCare/status/514417284560191488?r...