In 1996, this virtual keypad concept was broken by taking 10x10
pixel images
under the cursor click, showing the number/letters used in that
password.
Virtual keypads are just a minor change of tactics, not a long term
resolution to this risk, imho.
I agree but what about the second random password and challenge
authentification? Both should be unique and usage once.
-D
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
