Onscreen Keyboard to Enter Passwords

24 Jan 2006 - 8:58pm
8 years ago
4 replies
2182 reads
Chris McLay
2005

Hi,

My bank has just decided to implement a new security measure -
entering passwords via an on screen keyboard.

http://www.westpac.com.au/internet/publish.nsf/Content/PBOB+New+SignIn

This is to get around key loggers and trojans. Does this sound like a
good idea to others, or am I just missing something?

Surely this makes it slower to enter your password (a lot slower) and
much more visible to anyone in the vicinity?

I think I'd be happy to have the option to use such a keyboard, but
I'm quite happy to type my password thanks...

Chris

--
Chris McLay …// designer

Email chris at eeoh.com.au
Web http://www.eeoh.com.au/chris/

Comments

25 Jan 2006 - 5:09pm
mariaromera
2005

Hey Chris,

You may want to check out ING's website login. They give the option of either using the mouse or the keyboard. The tricky (and perhaps more secure) part of using the keyboard in this case is that they change the letters mapped to each number, so you have to pay attention.

<https://secure.ingdirect.com/myaccount/InitialINGDirect.html?command=displayLogin&device=web&locale=en_US&userType=Client>

Cheers,
Maria

From: Chris McLay <chris at eeoh.com.au>
To: discuss at ixda.org
Date: Wed, 25 Jan 2006 10:58:38 +0800
Subject: [IxDA Discuss] Onscreen Keyboard to Enter Passwords

Hi,

My bank has just decided to implement a new security measure -
entering passwords via an on screen keyboard.

http://www.westpac.com.au/internet/publish.nsf/Content/PBOB+New+SignIn

This is to get around key loggers and trojans. Does this sound like a
good idea to others, or am I just missing something?

Surely this makes it slower to enter your password (a lot slower) and
much more visible to anyone in the vicinity?

I think I'd be happy to have the option to use such a keyboard, but
I'm quite happy to type my password thanks...

Chris

--
Chris McLay
// designer

Email chris at eeoh.com.au
Web http://www.eeoh.com.au/chris/

---------------------------------
Do you Yahoo!?
With a free 1 GB, there's more in store with Yahoo! Mail.

26 Jan 2006 - 4:36pm
Benjamin Bennett
2003

> You may want to check out ING's website login.

Yeah, as a user of ING I find their login super annoying ... they've
always had the most difficult login of all my financial institutions,
but this on-screen revolving keyboard thing has taken the insanity to
a new level ... I mean, come on ... honestly ... it's part of the
reason I only have a simple savings account with them and not more
accounts.

26 Jan 2006 - 6:17pm
Mark Kawano
2005

When it comes to security features, the goal is to balance ease of use with
the most secure protocols possible.

Some customers might feel better about ING because it seems more secure than
other online banks. Whether it is or not is another question. However,
being perceived as more secure might be a stronger sell than having the most
streamlined login process for many potential and current customers.

The more painful ING security protocol for me is Step 1 (having to enter my
customer number, which is long, system assigned, not editable, and different
than my ING account numbers just to log in each time).

-Mark

On 1/26/06 2:36 PM, "Benjamin Bennett" <benneb at gmail.com> wrote:

> Yeah, as a user of ING I find their login super annoying ... they've
> always had the most difficult login of all my financial institutions,
> but this on-screen revolving keyboard thing has taken the insanity to
> a new level ... I mean, come on ... honestly ... it's part of the
> reason I only have a simple savings account with them and not more
> accounts.

26 Jan 2006 - 7:29pm
Terrence Wood
2006

maria romera wrote:
> They give the option of either using the mouse or the keyboard. The
> tricky (and perhaps more secure) part is they change the letters
> mapped to each number

and Mark Kawano wrote:
> Some customers might feel better about ING because it seems more
> secure than
> other online banks. Whether it is or not is another question.

The login is already a secure connection (i.e. https) so it seems a
little pointless to add this type of feature.

Instead of hiding their online security advice two or three clicks and
a screenful or two away they should offer tips, like those found under
"tips to protect your privacy" (huh?), right there on the login page:

"Make sure no one is looking."
"Don't write your pin down next to your computer."
"We will never ask you your pin number over the phone."

Simple, easy, and reassuring.

All in less words than they are using to explain their weird keyboard
thing. Oh, they need to fix up the mouse point (at least in FF) so one
can tell the buttons are clickable.

kind regards
Terrence Wood.

Syndicate content Get the feed