Virtual Keyboard

hopefully I have not missed any post on this subject in the formums.


I use safepay and found when logging in to mybank the user name is clear for anyone to read and the password is covered by asterixs


all very good for tech computer hacking but what about human observation?


Anyone watching over my shoulder can see my login and they can also see what I click on with the virtual keyboard.


I know this is somewhat paranoid but anyone could see the full login. or a close idea by the pattern used to type.


how about a random key possion instead of the fixed qwerty setup?

Comments

  • camarie
    camarie Principal Software Developer BD Staff
    hopefully I have not missed any post on this subject in the formums.


    I use safepay and found when logging in to mybank the user name is clear for anyone to read and the password is covered by asterixs


    all very good for tech computer hacking but what about human observation?


    Anyone watching over my shoulder can see my login and they can also see what I click on with the virtual keyboard.


    I know this is somewhat paranoid but anyone could see the full login. or a close idea by the pattern used to type.


    how about a random key possion instead of the fixed qwerty setup?


    Human observation is not something a software should do, I suppose. If the layout would be scrambled on virtual keyboard, someone can still look over your shoulder and see what do you click.


    Fact is, you should not allow someone around when you type passwords, is as simple as that.


    The idea of randomizing keyboard came in discussions quite a long time ago, but was not approved because the cons (confusing the user expecting keys in certain places, risk of clicking wrongly is very high, possible bank locks account on too many bad password attempts etc.) were not overcoming the pros (slightly increasing security, but not so much since virtual keyboard is not emitting key events and therefore a keylogger have nothing to intercept).


    Cristian

  • Human observation is not something a software should do, I suppose. If the layout would be scrambled on virtual keyboard, someone can still look over your shoulder and see what do you click.


    Fact is, you should not allow someone around when you type passwords, is as simple as that.


    The idea of randomizing keyboard came in discussions quite a long time ago, but was not approved because the cons (confusing the user expecting keys in certain places, risk of clicking wrongly is very high, possible bank locks account on too many bad password attempts etc.) were not overcoming the pros (slightly increasing security, but not so much since virtual keyboard is not emitting key events and therefore a keylogger have nothing to intercept).


    Cristian


    Thanks for the comments. I accept your arguments against the random key possion.


    I assume this thread is now closed but would like leave another idea that you may or maynot like to concider.


    One of the things I was thinking about was if someone watched a little way away they could pick out the pattern, not the exact password, (thinking of using a laptop on the train to access the bank) and the random key layout was my fisrt idea, but another idea came to me was if the keys didn't change gray tone when 'mouse roll over' but changed font instead (italics maybe) and a less conspicuous cursor when over the virtual keyboard. Close up to the screen should be visable but not from from a meter or more away.


    Thanks for a good informative forum site, I have found the threads interestring and not full of flaming users as many other sites do.


    All the best, Czybes

  • camarie
    camarie Principal Software Developer BD Staff
    Thanks for the comments. I accept your arguments against the random key possion.


    I assume this thread is now closed but would like leave another idea that you may or maynot like to concider.


    One of the things I was thinking about was if someone watched a little way away they could pick out the pattern, not the exact password, (thinking of using a laptop on the train to access the bank) and the random key layout was my fisrt idea, but another idea came to me was if the keys didn't change gray tone when 'mouse roll over' but changed font instead (italics maybe) and a less conspicuous cursor when over the virtual keyboard. Close up to the screen should be visable but not from from a meter or more away.


    Thanks for a good informative forum site, I have found the threads interestring and not full of flaming users as many other sites do.


    All the best, Czybes


    Interesting. I am forwarding this idea right now to our product manager. Let us think a little about this.


    Regards,


    Cristian

  • How to enlarge the virtual keyboard on Safepay? My eye sight is not very good and the keys are small. Confusing.

    Thanks


    Danh