Customers of HSBC India's online banking will have to type their passwords in all capital letters This article explores banking type passwords. . This change is part of a larger effort to improve data protection and the overall security of the system.

The bank's official FAQ still says that passwords are not case-sensitive, which makes it seem like there is a contradiction in their public documentation. Users are strongly encouraged to change all of their passwords right away to improve security and protect against automated brute-force attacks and credential stuffing attempts. The bank's policy effectively cuts the number of password options in half, making them much harder to guess because they have more entropy when mixed with cases.

For example, if a user's password was "test123," they would have to type it in as "TEST123" when they log in to their account through the internet banking portal. This strange event has led to speculation about the possibility of storing passwords in plain text or using very bad old security methods. Standard cybersecurity practices say that credentials should always be stored as one-way hashes.