Dunce Cap tip
Isn't it security-101 to not store passwords on the server - but their hashes instead?
How come then does the NatWest server know individual letters of my password
when it prompts me for a random selection of them at each login?
Biting the hand that feeds IT © 1998–2019