As I was attempting to log in to my TransUnion account today, I went to fill in my creds using my password manager. I received an interesting error message that stated passwords had to be between 8 and 15 characters. That caused me to raise my eyebrows since, as one might expect, my password-manager-generated password is longer than that and it has worked perfectly fine in the past.<p>On a hunch, I deleted the excess characters from my password. Lo and behold: I got right in. Unless I'm missing something, the only way they could have truncated it thusly would be if they're storing it in plain text, right? Or, as my coworker just hypothesized, perhaps they were accepting longer passwords but only hashing up to 15 characters? Either way, seems fishy. Is anyone able to repro?<p>You'd think the credit bureaus would have invested in better security / developers after the Equifax breach, but, perhaps not so unsurprisingly, it looks like they still have their heads in the sand.