So I noticed something earlier today when I was trying to buy some PSN items from the web store and then switched to PS3 in the middle due to the web store not loading properly. On the web store, it correctly checked my password and didn't allow one of my old passwords to go through. However, on the PS3 store I managed to log in with both my current and older passwords. The old password was even able to purchase items from the store. Does anyone know why the PS3 allows for older/incorrect passwords? One more thing to note is my old password has at least 3-4 digits different when compared to my newer password, so it is largely the same and was only changed due to a PSN hack.
I was speculating on why this works and I thought of some potential reasons: PS3 could have a file that stores password history and mistakenly allows past uses, password system may have hash/encoding duplicates or allow for a certain degree of error, and possibly Sony's password checkout option doesn't check just password but will allow due to other factors like console ID/IP address/etc.
Those are all just theories, so if anyone knows more or can confirm that'd be pretty neat.