Sorry, I misunderstood your post. They could do this by doing the process I described above AND storing parts of your password. Without further research, this sounds insecure though.
E.g. your password is: SuperSecure? The hash of your password is: 15837A4C3B Your client sends the hash and the characters 0,2,4 to the server: S p r They can then ask you for single digits of the password.
Another possibility is that they could encrypt the characters with a key to build a more secure value to transmit. As the others have said, this is possibly unsecure too.
In general: it’s services are either comfortable to use or secure. You can achieve both on a basic level, but not on a higher level.