Hacker News new | past | comments | ask | show | jobs | submit login

I’ve had the goddamn Citibank _require_ that I use a password 6 or 7 characters long on one of their systems. This year (2019).

What system is this? I had used a 20+ character password on their website using my password manager to enter it every time. One day they said the password was wrong, which was unlikely since the password manager was entering it. I ended up doing a password reset and set it to something shorter like 15 characters, and then it worked. I don't know if they truncate or not, but they've definitely allowed much longer passwords than 6 or 7 characters. I've hit this issue with their website more than once so I know they've fixed it and re-broken it a few times in the past.

I think it was the one for showing you the pin of a corporate credit card.

Another bank I had around 3 years ago used only the 5 first characters, and these 5 first had to be numbers.

I guess anyone can just hack a password in like 1 second on a phone or something?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact