Hacker News new | past | comments | ask | show | jobs | submit login

This aggravates me beyond belief. I have more secure passwords on random sites/accounts than I do on my financial accounts. Why do banks insist on restricting character limits to 12 - 20 characters?



> Why do banks insist on restricting character limits to 12 - 20 characters?

Because they are not hashing your password, therefore it needs to fit in plain text in their database column.


Citibank is even worse. I use a password manager and have used a 20+ character password for years. Every now and then, as happened a few months ago, they change the website in a way that breaks long passwords. So even though my password manager entered it correctly, it rejected my password until I had to reset it.


Same. At least they fixed the issue (years ago, to be fair) where you could log into your Citibank account and tweak the URL to see other customers' data...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: