Wow. Yeah, it prevents people from stealing your passwords by means of keyloggers, but like the BoingBoing post mentions, it makes it much easier for anyone who's in viewing range of your screen to figure out your password.

And is it really more secure phishing-wise? I've read that there are already some software keyloggers that take screenshots in certain circumstances. Add some sort of onClick method to that routine, and voilà, you've defeated this wonderful new 'security' method.

As for hardware keyloggers installed on a public terminal? Like I said, I'd feel leery of entering my password where anyone able to see the monitor can tell what I'm entering!

Posted by: codeman38 at February 13, 2005 12:43 AM

Do these people not use focus groups, or do they choose idiots to participate in them?

Posted by: Maurs at February 13, 2005 12:58 AM

It seems to me that blind and impaired people would have enough trouble typing in passwords as it is.

P.S. Maurs, didn't you know committees are one of the least efficient decision-making methods man has ever invented?

Posted by: fuzzy at February 13, 2005 05:22 AM

I actually have a keylogger program that takes can be told to take a screenshot EVERY time you CLICK, and further crop the image to just include a specific area or where the cursor was to save space.

Unfortunately, nothing is secure anymore. That program scares me, mostly from the innumerable stealth and transmission options..

Posted by: Jim King at February 13, 2005 01:12 PM

can they make it any easier for the crook.

Posted by: j.v. at February 13, 2005 09:30 PM

Fuzzy: Visually impaired computer users can type quite well through touch type training. The introduction of this obnoxious onscreen keyboard defeats their training and skill. Computer users with other impairments have alternative enablign technologies for input such as speech recognition. Again, this onscreen keyboard would defeat these technologies.

Posted by: Carlos Gomez at February 13, 2005 09:47 PM

It is kinda cute.

Posted by: Another Jay at February 14, 2005 11:15 AM

Its annoying!

Posted by: 999 at February 14, 2005 05:25 PM

What's broken is that it defeats some security problems only to introduce new usability problems.

Posted by: fuzzy at February 15, 2005 07:26 PM

http://www.citibank.co.uk/uk/productsservices/internetbanking/information.jsp

click on 'citibank online', located at the top (orange) menu in the right column. (Funny- it says 'one click sign-in'!!!)

P.S. enter your password in the username field. right-click (bring up the context menu-however you do it) and select 'Cut', go to password and to the same, but select 'Paste'. than enter your username. Totally avoided. (and it is no less secure, because people see what keys you click anyway)

Posted by: 554.5 at March 15, 2005 07:40 PM

You think that keyboard is bad, well try calling the callcentre (in India)and ask for a manager, you get all kinds of people who try to help, but you can't talk to a manager. To top it all when you ask to speak to someone in the UK, or customer complaints dept, they refuse to do that too. How can you trust a sud-standard banking in the modern world.

Posted by: Fash at April 13, 2005 09:21 AM