Why cant they just also hash those three letter combinations they ask you? Not nearly as secure but I see many people saying that the plaintext must be stored to achieve this, and all I am thinking is that it would require you to store multiple hashes for each user, each a portion of their password.
Still a lot easier to guess a portion of a password than a password, but it doesnt follow in my mind that it is definitely in plaintext.
Three letter hash combinations and single letter hashes would all be essentially plaintext. The security of a hashed password comes from the fact that the password comes from a field of 2^(# of bits) possible values (with more useful bits the more types of "characters" allowed). If you only have a few characters that is so easily crackable (by brute force of every letter or three letter combination) that it might as well be plaintext. It is a security failure if they can get at some of the characters in a password.
However this is a memorable phrase (not password), similar to a security question. These are not generally hashed because customer service uses them to confirm authorization to reset a password.
Still a lot easier to guess a portion of a password than a password, but it doesnt follow in my mind that it is definitely in plaintext.