My bank has just decided to implement a new security measure -
entering passwords via an on screen keyboard.
This is to get around key loggers and trojans. Does this sound like a
good idea to others, or am I just missing something?
Surely this makes it slower to enter your password (a lot slower) and
much more visible to anyone in the vicinity?
I think I'd be happy to have the option to use such a keyboard, but
I'm quite happy to type my password thanks...
Chris McLay …// designer
Email chris at eeoh.com.au
You may want to check out ING's website login. They give the option of either using the mouse or the keyboard. The tricky (and perhaps more secure) part of using the keyboard in this case is that they change the letters mapped to each number, so you have to pay attention.
From: Chris McLay <chris at eeoh.com.au>
To: discuss at ixda.org
Date: Wed, 25 Jan 2006 10:58:38 +0800
Subject: [IxDA Discuss] Onscreen Keyboard to Enter Passwords
Do you Yahoo!?
With a free 1 GB, there's more in store with Yahoo! Mail.
> You may want to check out ING's website login.
Yeah, as a user of ING I find their login super annoying ... they've
always had the most difficult login of all my financial institutions,
but this on-screen revolving keyboard thing has taken the insanity to
a new level ... I mean, come on ... honestly ... it's part of the
reason I only have a simple savings account with them and not more
When it comes to security features, the goal is to balance ease of use with
the most secure protocols possible.
Some customers might feel better about ING because it seems more secure than
other online banks. Whether it is or not is another question. However,
being perceived as more secure might be a stronger sell than having the most
streamlined login process for many potential and current customers.
The more painful ING security protocol for me is Step 1 (having to enter my
customer number, which is long, system assigned, not editable, and different
than my ING account numbers just to log in each time).
On 1/26/06 2:36 PM, "Benjamin Bennett" <benneb at gmail.com> wrote:
> Yeah, as a user of ING I find their login super annoying ... they've
> always had the most difficult login of all my financial institutions,
> but this on-screen revolving keyboard thing has taken the insanity to
> a new level ... I mean, come on ... honestly ... it's part of the
> reason I only have a simple savings account with them and not more
maria romera wrote:
> They give the option of either using the mouse or the keyboard. The
> tricky (and perhaps more secure) part is they change the letters
> mapped to each number
and Mark Kawano wrote:
> Some customers might feel better about ING because it seems more
> secure than
> other online banks. Whether it is or not is another question.
The login is already a secure connection (i.e. https) so it seems a
little pointless to add this type of feature.
Instead of hiding their online security advice two or three clicks and
a screenful or two away they should offer tips, like those found under
"tips to protect your privacy" (huh?), right there on the login page:
"Make sure no one is looking."
"Don't write your pin down next to your computer."
"We will never ask you your pin number over the phone."
Simple, easy, and reassuring.
All in less words than they are using to explain their weird keyboard
thing. Oh, they need to fix up the mouse point (at least in FF) so one
can tell the buttons are clickable.