Hsbc: Security Code

But here’s the deep problem: — birthdays, repeated digits (777777), sequences (123456). So effective entropy is far lower. One internal banking study found ~20% of 6-digit codes are one of the top 100 common PINs.

HSBC allows you to choose a “memorable” security code — a phrase converted to digits (e.g., “CAT” = 228). That’s terrible for security: hsbc security code

Security codes like this fall into the weakest authentication factor: . HSBC’s code tries to compensate by: But here’s the deep problem: — birthdays, repeated

Instead of a static numeric code, HSBC could implement (like many fintechs): You get a prompt: “Approve adding payee John Smith?” — no code to remember or steal. But legacy phone banking (still used by millions) prevents this. The security code is a compromise for backwards compatibility. HSBC allows you to choose a “memorable” security