my password need 34 thousand year to crack, is that secure ?

OKAY, it asked for CVV, OPTIONAL IF HAVE, but that is all about it.

1. This was a long long time ago

2. My password has been 12-15 characters for the last one year at the very least, so they removed the 8 character limit sometime back.

3. Considering how passwords are stored, their algorithm is messed up to say the least.

4. True, which means either they have migrated to storing the password in one way hashes, or they just changed the function.

5. When you know for sure that the password is 8 characters long, brute forcing becomes super easy, especially with all the data leaks that has been happening. Most people, even if they use different passwords, tend to keep the same first few letters.

6. The time it takes to crack a 8 digit password is under 5 minutes. Throw in characters and it takes closer to an hour. The problem here is that CIMB doesn't block login failures. And instead of blocking login failures, they implement a reCaptcha. Stupid smart.