daily max now rm30K

knn... meaning still need to go to branch tomorrow

WHYYYYYYYYYYYYYYYYYYYYY LAHHH CIMB!!!       

remind me of 3des in ecb mode haha. any 8 chars + 12345678 can straight login? 
so migrate old customer with 8 chars password to new field length. do some shitty re-hashing workaround by just + current pass with random 12345678 number so that their password can still works.
i guess that captcha thing is to reduce bruteforce attempt? kek  if this is the case, just update your password will do la 

IIRC kana do at the cimb atm machine only. online cannot .

meaning if you are at overseas... GGWP

Guys a bit tired to read through the thread now. Can someone pls give me the TLTR version.

Just want to know who is at risk & what to do if you been compromised???

Don't ask me to transfer money to other Banks bcs I have few loans with cimb...

so actually safe? CIMB introduced new password and captcha system....maybe the ones that kena hack via paypal are the ones that their banking details already compromised through online shopping transactions..that why suddenly panicked and blame new cimb system..

Does this mean even at 3 failed login attempt, it will use the captcha and not block the account? 

4chan introduced capcha a few years ago, but CIMB doing it now? For what though? 4chan I understand to cut spam, but CIMB is bank login, if a bot tries different variations to log into a single account, transactions will be suspended, and you need to unblock the account for security reasons at branch or something kan?

So which stupid shit in CIMB decided to introduce capcha?

will just leave this here for now

So why problem ?

Their back end only take 8 characters mah ....

This is because when they changed the password policy to include special characters, they didn't force everyone to change their password.

Therefore they have to cater logic for old password logic and also new password logic.

But to implement it in this half ass way is plain stupid. This is not some wordpress blog yo. This is a fucking bank.

#programmingtalk

Maybe they should have implemented the failed login limits.
For security purposes.
Heck even my Bank Rakyat online account have that 5 times limit.
Once exceeded limits, my online banking will be blocked and need to call bank to unblock.
Bank Rakyat yo. A small bank only.

honestly, nothing wrong with CAPTCHA on any screen.

the core behind CAPTCHA is to reduce automated entry by machine. it is not possible to eliminate altogether in probability, but the bar is higher than nothing at all. even if you only manage to eliminate 50% of automated attacks, that itself is a reduction.

look beyond the CAPTCHA and stop complaining about it being on any screen.

instead, question what the screen does to further eliminate threats not yet filtered by CAPTCHA.

Coded at the client side aka website there which by right should be at server side only.

Last time was 8 alphanumeric characters, the password input during login will stop after typing 8 characters, then later it accepts many characters but only the first 8 will be taken. Been like that for sometime.

Yup, but you still can opt out the debit card feature

One question, I noticed a hotel employee jotted down my full credit card number, expiry date and the numbers behind. Is it normal or I should sound the manager?

yea...someone replied me liao...

seems like the pwd and this paypal thing are 2 different thing altogether

closed front door with triple grill..but back door entrance still open wide