Index ¦ Archives ¦ Atom

Bendigo Banks Password Requirements

Bendigo bank's password requirement make for an interesting read.

  • You must have exactly eight alpha-numeric characters in your password.
  • Your password must include at least one letter and at least one number.
  • The password is not case sensitive.

The bit about your password not being case sensitive means they are storing it in plain text1. Troy Hunt also did a good write up on bank's SSL settings where they got a "B" grade.

Bendigo Bank

  1. They could also be converting to all lower or upper case before hashing or hashing the 128 possible variations of your password (2^7 because at least one character must be numeric) but I doubt it. 

Creative Commons License
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.