[thelist] Keylogging and pin entry fields (and an attempt at aclean solution)

[Jeremy Weiss]

One solution that I've delt with as an end user is the keypad on ING Direct.
Seems like it would be fairly effective.

https://secure3.ingdirect.com/tpw/InitialINGDirect.html?command=displayLogin&device=web&locale=en_US

-jeremy


----- Original Message ----- 
From: "Christian Heilmann" <codepo8 at gmail.com>
To: <thelist at lists.evolt.org>
Sent: Wednesday, November 23, 2005 2:30 PM
Subject: [thelist] Keylogging and pin entry fields (and an attempt at aclean
solution)


> I had to deal with a client requirement today that puzzled me. The
> product is a banking application and there will be a login that
> requires a 4 number pin.
>
> Now, normally I'd have used a password field for that - as it is the
> most accessible solution, but the client requested a pin entry pad
> like the ones you see on cash machines.
>
> The users should use their mouse to enter the pin.
>
> The reason (not marketing as I originally thought): Keylogging
> software that might record the pins users enter. Therefore as a safety
> measure the pin pad was requested.
>
> I came up with a DOM solution for the issue and would appreciate some
> feedback and testing of it. If it were to be considered good, I will
> release it as a download later:
>
> http://www.icant.co.uk/sandbox/pinpad/test.html
>
> More info and comment facility on the blog:
> http://www.wait-till-i.com/index.php?p=193
>
> I really wonder if there is a non-JavaScript dependent solution to
> this problem. Well, 4 dropdowns with 0 to 9 would be one, but that is
> as trackable, isn't it?
>
> --
> Chris Heilmann
> Blog: http://www.wait-till-i.com
> Writing: http://icant.co.uk/
> Binaries: http://www.onlinetools.org/
> -- 
>
> * * Please support the community that supports you.  * *
> http://evolt.org/help_support_evolt/
>
> For unsubscribe and other options, including the Tip Harvester
> and archives of thelist go to: http://lists.evolt.org
> Workers of the Web, evolt !
>