I tried to log into my OTP account today with my browser.
The bank has changed their web site and login.
And now the site limits passwords to a maximum of 8 characters. My password is longer. Could not log in.
I have worked in IT for many years. And I know about security. There is no need for such a change. Limiting a password length is beyond stupid. Passwords should be stored hashed to a fixed length depending on the hash, so there is no need to limit the raw password length. Especially since just two extra characters beyond 8 can greatly improve security. The bank now even allows passwords as short as 6 characters, which with current computer power is potentially insecure for account access.
This is ridiculous and shows a complete lack of understanding of password security.
This change may indicate either that the bank is storing passwords in plain text, or else that they hired incompetent programmers. Either reason is disturbing. So I cannot trust this bank's security.
Thus, I will be closing my OTP account.
I recommend others do the same if they use web-based account access.
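
The point about fixed-length hashed storage, as an added example that is not part of the original post and not the bank's code: a salted PBKDF2-HMAC-SHA256 record has the same size for a 6-character and a 28-character password, and the search space grows with every extra character. The iteration count, the 62-symbol alphabet and the sample passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import math
import os

ITERATIONS = 200_000  # illustrative work factor (assumption of this example)
SALT_LEN = 16         # bytes of random salt stored with each record
DIGEST_LEN = 32       # SHA-256 output size in bytes


def hash_password(password, salt=None):
    """Return salt || digest. The record size never depends on password length."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=DIGEST_LEN
    )
    return salt + digest


def verify_password(password, record):
    """Recompute the digest with the stored salt and compare in constant time."""
    salt, expected = record[:SALT_LEN], record[SALT_LEN:]
    candidate = hash_password(password, salt)[SALT_LEN:]
    return hmac.compare_digest(candidate, expected)


def search_space_bits(length, alphabet=62):
    """Bits of brute-force search space for a uniformly random password."""
    return length * math.log2(alphabet)


if __name__ == "__main__":
    # Constructed sample passwords of 6, 8 and 28 characters.
    for pw in ("abc123", "abcd1234", "correct horse battery staple"):
        record = hash_password(pw)
        print(f"{len(pw):2d} chars -> {len(record)} byte record, "
              f"verifies: {verify_password(pw, record)}")
    # Search space at the lengths mentioned in the post, plus two extra characters.
    for n in (6, 8, 10):
        print(f"length {n:2d}: about {search_space_bits(n):.1f} bits")
```
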