Last night new password can be more than 8 chars + you need a special char too. A bit too late if you ask me tho

For those that are saying u can still login with 8 correct password + xyzzzzzzz

The reason for that is probably
1) you urself didnt change the original 8 characters password.
2) the system still need to provide backward compatibility to users who didn't change to a longer password, maybe their implementation is poor, if fail to match full length password, then match 1st eight type of code...
3) in term of the 8 characters password being a problem in the 1st place.... That shouldn't b.. passwords even with 8 characters shld be sufficiently strong if you have it at least randomized, they shld implement blocking of subsequent tries after failure of the first 10 attempts.

Whatever is happening, its more than just a password issue i believe.

For those that are saying u can still login with 8 correct password + xyzzzzzzz

The reason for that is probably
1) you urself didnt change the original 8 characters password.
2) the system still need to provide backward compatibility to users who didn't change to a longer password, maybe their implementation is poor, if fail to match full length password, then match 1st eight type of code...
3) in term of the 8 characters password being a problem in the 1st place.... That shouldn't b.. passwords even with 8 characters shld be sufficiently strong if you have it at least randomized, they shld implement blocking of subsequent tries after failure of the first 10 attempts.

Whatever is happening, its more than just a password issue i believe.

shit!! I cannot log in at all. it says "Invalid User ID or Password [CLK00619]". someone change my password????

You type korek or not first. If korek, then RIP. try call customer service see can help or not

i had been hating cimb for a long time because they forced user to limit password for 8 chars..  After so many years since the existence of online banking, they made that changes only recently...

me ikan bilis balance still there..
so i try to change password but keep on say invalid.

You type korek or not first. If korek, then RIP. try call customer service see can help or not

Instead of recaptcha, they should follow what UK banks doing. 2FA. But problem is that could be too complicated for users to set up the first time. Recaptcha is to identify bots. What about real humans? I don't think recaptcha is relevant for a banking website.

I'm using HSBC UK's 2FA. Really powerful. But is a pain to set up for the first time.

Can someone tell me from the technical point of view, why is :

1. Existing username + existing 8 character password = safe (I presume this is safe otherwise you won't be using the same password for n years)
2. Existing username + (existing 8 character password + random character string) = unsafe

Virtual 2FA is a nightmare for IT noobs
Unless they learned from SG which is to give out physical token device to everyone