Why would a site demand passwords to consist of digits only?

My bank's internet banking site enforces a pretty weird policy: it does not allow you to set a password that has anything but digits in it. The only reason I can imagine is that they are using not an industry-standard password hash function like, say, SHA-256 but some silly homebrew replacement that works only on digits. Does anyone have a better explanation? Mine is somewhat frightening, security-wise.


They are most likely considering all forms of user input (and need the password to work via other modes such as at an ATM or via phone touch-tone) and therefore limit it to just numbers. Of course the only way to be sure is to have them answer this question, but the scenario is not uncommon with banks that have consolidated remote banking functions onto one platform.

Edit: I remember a question very similar to this on SE (I think it was here in security) but searching isn't finding what I am looking for... Anyone else recall?

Category: web application Time: 2016-07-28 Views: 0
