On 14/09/18 11:06, Mark Rogers wrote:
Are there any password managers that can cope with the "pick characters 3, 5 and 11 from your password" security challenges?
Santander has just moved to that, and if you have a secure unique password it's a pain.
Dunno but if you find one, let us know! :-) I've used an app that lets you view your password once you've logged (to the app) in so if I can't remember which character is the 7th, you can see it and count.
<RANT>Santander also require that the password is max 16 chars and alpha-numeric only. Because security, or something. The mere fact that they want me to pick certain characters from it already tells me that the password isn't being stored salted and hashed.
It's a good job their app can use biometric because their website has just become pretty much unusable for me now.</RANT>
Makes no sense from an internet banking POV, but from a telephone banking POV, it does. The Teletubbie in the call centre can't see your whole password, so they can't hack your account by pretending to be you; you however can still authenticate yourself.
You're right though, they must store your password in the clear, or in a decrypt-able form in order to be able to do that.
Steve