Re: help!
Assuming encryption not hashing, then the answer is easy. Decrypt the password, check the characters provided, return true/false.
If hashing, the problem is actually worse. Even if they hash each combination of 3 characters, then any leakage is trivial to brute force. First 3 characters require 64^3 guesses, and then each additional one requires just 64 (assuming your bank actually allows 64 different characters in your password)
Biting the hand that feeds IT
