NatWest in the Uk does it for both the password and the pin, has been since I signed up like 10 years ago. I assumed they do it so you don’t enter a full password that someone could access later. No idea how they work out but they are big and I assume if it was insecure they’d have had issues by now. I assume they store the letter groupings in advance.
Crazy that that hasn’t become an issue for them yet! Thanks for the tips! I used to be pretty bad with my passwords but I’m reformed and using KeePass for everything these days.