Futures
Access hundreds of perpetual contracts
TradFi
Gold
One platform for global traditional assets
Options
Hot
Trade European-style vanilla options
Unified Account
Maximize your capital efficiency
Demo Trading
Introduction to Futures Trading
Learn the basics of futures trading
Futures Events
Join events to earn rewards
Demo Trading
Use virtual funds to practice risk-free trading
Launch
CandyDrop
Collect candies to earn airdrops
Launchpool
Quick staking, earn potential new tokens
HODLer Airdrop
Hold GT and get massive airdrops for free
Pre-IPOs
Unlock full access to global stock IPOs
Alpha Points
Trade on-chain assets and earn airdrops
Futures Points
Earn futures points and claim airdrop rewards
Plaintext storage confirmed! Indian banks forcibly change all user passwords: all changed to uppercase
Ask AI · Why is HSBC India the only region taking this action, while others do not follow?
Kuai Technology, April 2 — According to reports, HSBC India recently issued a notice to all customers stating that, starting from April 6, 2026, all English letters in the online banking login passwords will be uniformly converted to uppercase. For example, the original password Test123 will become TEST123.
This move has triggered an uproar in the security field. Security experts point out that this means HSBC India has long stored users’ passwords in plaintext or in a reversible format, which seriously violates modern security standards.
The basic security principle of password systems is: what the system stores is not the password itself, but a hash value processed by a one-way hash algorithm, and banks never need to—and will never—see the actual password.
The hash values of Test123 and TEST123 are completely different. If the system only stores hash values, it is impossible to carry out an operation that converts lowercase letters to uppercase.
HSBC India’s ability to batch modify password letter casing can only be reasonably explained by the fact that its backend stores the password in plaintext, or an decryptable ciphertext, rather than a hash value.
Security experts further note that this change will significantly weaken password strength. A password with 8 characters that mixes uppercase and lowercase letters with numbers has about 218 trillion possible combinations, and brute-force cracking would take about 100 days; after converting it to all uppercase, the number of combinations drops to 2.8 trillion, reducing the cracking time to less than 2 days, for a security decrease of about 98.7%.
External speculation suggests that HSBC India’s move may be a transitional measure for migrating from an old password system to a new one, but this process itself exposes how severe the legacy technical debt is.
It is worth noting that HSBC Group’s other regions (including the UK and Hong Kong) have not adopted this policy, and users can still use passwords with mixed case as normal.