This one time, at band camp, Byron Hillis wrote: > Unlike the current Westpac version that attempts to get around > "keyloggers" by using an on-screen keyboard in alphabetical order, which > makes it obvious to anyone looking over your shoulder what your password > is. On top of this, only capital letters and numbers are actually > acceptable as password characters.
Citibank (more commonly known as Shittybank in my household) UK also do this. It's really dumb since the places you're most likely to get stung is Internet cafes and the like, where someone could look over your shoulder. Surely most of the crapware out there that does keylogging can also quite happily screen capture too? Not to mention that 6,000 pounds was transferred from my account to an account in Germany without my knowledge. And given that my password is secure and I know my desktops are secure, it could only have happened because of a major break in their own security. Not that this meant I didn't have to sit through a mind-numbing questionnaire (Do you have anti-virus software installed?) from their call centre monkeys. It gets worse though. Barclays (also UK) require you to enter a six-digit Internet-only PIN, a password and a memorable word. So much information that you use rarely that you write it down. Of course. I bet they have a lovely certificate from their security auditor though, and that makes it AOK with the suits. -- Rev Simon Rumble <[EMAIL PROTECTED]> www.rumble.net The Tourist Engineer Nerds need vacations too. http://engineer.openguides.org/ When the Rapture comes, can I have your stuff? -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
