I don't think it's fair to assume weaknesses from 6 years ago still persist.
* I just tried to login with the first 8 characters of my password and it was not successful.
* Also this password is autogenerated and contains plenty of special characters.
* Their 2FA system no longer depends on the concatenation of password + token.
Also this reminds me of another HN discussion[1], which basically boiled down to the question of "Do you really think the only thing the bank does to log people on is to check the username and password?" I certainly hope not.
