Re: Comparing password characters
> You can believe that all you want but I know for certain that a major non-banking player in the UK held plain text passwords because I manipulated them into telling me what my password was.
The password could be stored using reversible encryption, PCI compliance allows this for card numbers which don't change often if at all.
Of course the "encryption" could just be strrev() or Igpay Atinlay and nothing excuses giving out passwords. Bad major non-banking player!