A good security practice is never to maintain a database of login passwords for your system but instead to maintain a database of hashes of passwords (using some suitable hash function) and at login compare the hash of the password provided with the information stored in the database.
However, I am increasingly seeing examples of logins where I am required (for example) to only provide the 3rd, 4th, 6th and 8th characters of my password. Does this mean that my original password must be stored in order to do the character comparison? Or is there a special type of hash function which still allows character comparison?
many banks do that, and typically you enter those characters by choosing them via mouse clicks instead of using the keyboard. All this is to prevent keyloggers getting the password. But yes it must mean they keep the plaintext password stored.