Authenticating by using some letters from the password

Question

How do banks authenticate users just by asking some letters of the password. Does is mean that hashes of those individual words are stored in the database, and if yes then would not it make it very vulnerable to break those passwords. Can you please give me some insight in how they do it.

Thanks

Answer 1

It does not matter if they hash this information or not. This way of proceeding is totally unsafe and makes the system very weak. So, the way they do it is really the 'wrong' way.