Date: 2020-10-29

I've asked Westpac a few times in the last few years (since early 2018 when they launched Westpac One) why they don't have case sensitive passwords on their online banking.

They've responded in the past that increasing complexity just makes people write the password down, so it's less secure.

Pointed out that their own security guidance on the site said to use a mix of upper & lower for a strong password. - To fix this anomaly, they removed that guidance :)

I was talking to them about something else - asking if they would consider letting their Online Guard OTP codes be generated in the Westpac One app (fingerprint protected) instead of insecure SMS codes.

Again, I brought up the password issue, then asked if their staff need to use a strong password to log in, and if so - why their customers don't get the same courtesy (I'm also not sure what the impact on their PCI compliance would be with me accessing their systems with a case insensitive password).

They have confirmed as of today, passwords are case sensitive. I've tested mine, but being cynical, can someone else try theirs in the wrong case and see that it fails?