Reply to post: Dunce Cap tip

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Forget It

Dunce Cap tip

Isn't it security-101 to not store passwords on the server - but their hashes instead?

How come then does the NatWest server know individual letters of my password

when it prompts me for a random selection of them at each login?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019