Charles Schwab (which, security practices aside, is a fantastic place to bank) doesn't (as far as I can tell) store your password unhashed.
However, they manage to make this irrelevant, because passwords are restricted to between 6 and 8 characters and can contain only numbers or letters. I can only hope the passwords are bcrypted to high heaven.
My bank also doesn't one-way hash my password. On occasion they turn their computers around to me and show me my password at the counter. I suspect they may be encrypting it in the storage medium and encrypts/decrypts on the fly.
2 comments
[ 8.8 ms ] story [ 23.0 ms ] threadHowever, they manage to make this irrelevant, because passwords are restricted to between 6 and 8 characters and can contain only numbers or letters. I can only hope the passwords are bcrypted to high heaven.
PS One way hashing is different to encryption.