[thelist] Keylogging and pin entry fields (and an attempt at a clean solution)

Ken Schaefer Ken at adOpenStatic.com
Sun Nov 27 19:25:36 CST 2005


Interesting. 

I don't think it's going to stop software keyloggers that capture/record form
input.

Additionally, it appears that typing the numbers for your PIN appears to work
(despite the instructions on the page), and if a user simply typed the number
for their PIN, that would defeat the letter/number mapping combination.

Cheers
Ken

-----Original Message-----
From: thelist-bounces at lists.evolt.org
[mailto:thelist-bounces at lists.evolt.org] On Behalf Of Jeremy Weiss
Sent: Monday, 28 November 2005 2:38 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] Keylogging and pin entry fields (and an attempt
at a clean solution)

One solution that I've dealt with as an end user is the keypad on ING Direct.
Seems like it would be fairly effective.

https://secure3.ingdirect.com/tpw/InitialINGDirect.html?command=displayLogin&device=web&locale=en_US

-jeremy


----- Original Message ----- 
From: "Christian Heilmann" <codepo8 at gmail.com>
To: <thelist at lists.evolt.org>
Sent: Wednesday, November 23, 2005 2:30 PM
Subject: [thelist] Keylogging and pin entry fields (and an attempt at a clean
solution)


> I had to deal with a client requirement today that puzzled me. The
> product is a banking application and there will be a login that
> requires a 4 number pin.
>
> Now, normally I'd have used a password field for that - as it is the
> most accessible solution, but the client requested a pin entry pad
> like the ones you see on cash machines.
>
> The users should use their mouse to enter the pin.
>
> The reason (not marketing as I originally thought): Keylogging
> software that might record the pins users enter. Therefore as a safety
> measure the pin pad was requested.
>
> I came up with a DOM solution for the issue and would appreciate some
> feedback and testing of it. If it were to be considered good, I will
> release it as a download later:
>
> http://www.icant.co.uk/sandbox/pinpad/test.html
>
> More info and comment facility on the blog:
> http://www.wait-till-i.com/index.php?p=193
>
> I really wonder if there is a non-JavaScript dependent solution to
> this problem. Well, 4 dropdowns with 0 to 9 would be one, but that is
> as trackable, isn't it?
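
Ken's second point, as an added example that is not part of the thread and not ING Direct's code: a server-side check that accepts only the letters assigned for the current session and rejects a PIN typed as raw digits. The letter-for-digit scheme, the alphabet and all function names are assumptions made for illustration.

```javascript
// Added example: the letter-for-digit scheme and every name here are assumptions.
const LETTERS = 'ABCDEFGHJKLMNPQRSTUVWXYZ'; // constructed alphabet (no I or O)

// Uniform integer in [0, n) from the Web Crypto global (browsers, Node 19+).
function secureRandomInt(n) {
  const buf = new Uint32Array(1);
  const limit = Math.floor(0x100000000 / n) * n; // rejection bound, avoids modulo bias
  do { globalThis.crypto.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Server side: assign ten distinct letters to digits 0-9, fresh for each login page.
function newPinMapping(randomInt = secureRandomInt) {
  const pool = LETTERS.split('');
  for (let i = pool.length - 1; i > 0; i--) { // Fisher-Yates shuffle
    const j = randomInt(i + 1);
    [pool[i], pool[j]] = [pool[j], pool[i]];
  }
  return new Map(pool.slice(0, 10).map((letter, digit) => [letter, String(digit)]));
}

// Server side: translate the submitted field back to a PIN.
// Any character that is not one of this session's ten letters, a raw digit
// included, rejects the whole submission, so typing the PIN itself never works.
function decodePin(submitted, letterToDigit, pinLength = 4) {
  if (typeof submitted !== 'string') return null;
  const text = submitted.toUpperCase();
  if (text.length !== pinLength) return null;
  let pin = '';
  for (const ch of text) {
    const digit = letterToDigit.get(ch);
    if (digit === undefined) return null;
    pin += digit;
  }
  return pin;
}

// What a user reading the on-page pad would type for a given PIN (demo helper).
function encodePin(pin, letterToDigit) {
  const digitToLetter = new Map([...letterToDigit].map(([l, d]) => [d, l]));
  return [...pin].map((d) => digitToLetter.get(d)).join('');
}
```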
 


