Why don't banks like root on Android? - eviltoast
  • trafficnab@lemmy.ca
    link
    fedilink
    arrow-up
    6
    ·
    7 months ago

    Air Canada’s online account system required a 6 character password, which was secretly converted via T9 to 6 numbers on the back end, meaning “aaaaaa” and “bbbbbb” were effectively the same password, and this was only fixed in 2018

    • 4z01235@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      That sounds like someone who topped out with highschool level programming tried to implement a hash algorithm.

      • trafficnab@lemmy.ca
        link
        fedilink
        arrow-up
        4
        ·
        7 months ago

        My personal theory is that it’s a remnant of an old system that was only accessible by phone (hence the 6 digit pin), and they simply grafted an online component on top of it