One time I had to reset my password with the power company - they had such a system, and the lady had to read me something like:
Uh4zB4DP55WD!
Apparently I was a bit salty with the system when I set it.
The fact that she shouldn't have even been able to look up the password in the first place due to hashing was lost on her.
That's pretty funny on a few levels, not in the least that they required a "secure" password like that but stored them in plain text.
I regularly conduct transactions at the branch of my local bank wherein they ask me for no credentials whatsoever. I also once forgot to bring my account number with me and the teller said "no worries, I'll look it up for you." Kind of horrifying.
Oh! But that’s safe! Secret question time: What’s your mother’s maiden name.
It helps that it’s a jailable offense to make fraudulent transactions
My bank’s password field is case insensitive. Of course they could have lowercased it before hashing but I doubt it.
Yeah I was a bit shocked... like... you're not supposed to know that!