Bendigo bank's password requirement make for an interesting read.
- You must have exactly eight alpha-numeric characters in your password.
- Your password must include at least one letter and at least one number.
- The password is not case sensitive.
The bit about your password not being case sensitive means they are storing it in plain text1. Troy Hunt also did a good write up on bank's SSL settings where they got a "B" grade.
-
They could also be converting to all lower or upper case before hashing or hashing the 128 possible variations of your password (2^7 because at least one character must be numeric) but I doubt it. ↩
