If you want to provide reliable authentication, given that the user has a keystroke logger installed, you may simply use a visual keyboard written in Java.
Banks have already started doing this .. and phishers have responded with framegrabbing loggers.
~Mike. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
