Reply to post: Re: password specifications..

NatWest customer services: We're aware of security glitch

jmch Silver badge

Re: password specifications..

I really hate this "Enter the 1st, 3rd, 10th characters of your password" BS.

a) As a user, if you know the password, it's much easier to just type the whole password than faff about with identifying the nth characters

b) From a security POV, it means that the server somewhere has access to the plaintext password so it can compare nth characters, instead of hashing the passowrd when it is set, storing the hash and forgetting the password. So it's less secure than using the whole password

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

SUBSCRIBE TO OUR WEEKLY TECH NEWSLETTER

Biting the hand that feeds IT © 1998–2019