Westpac's Anti-Keylogging Attempt Questioned

Some believe that Westpac's new anti-keylogging sign in page, is a joke and does not go far enough to ensure security. The bank last week launched a new sign-in page which uses an on-screen keypad designed to prevent the incidence of key-stroke logging fraud by removing the use of a keyboard to enter in passwords. Andrew Young who has worked in corporate IT for 10 years and has built web sites for three years, uses Westpac for his online banking, because he believes that overall it offers a good service. "But they just do stupid things sometimes, such as this new anti-keylogging sign-in page," he said. "Many key-loggers can record screen-shots and mouse movements, which totally nullifies this security upgrade, and this new system increases the risk of people being able to get your password especially if you are using the site in an office, Internet cafe or other public space where people can view your monitor." Another flaw is that the bank forces customers to use a short, fixed-length passwords of six characters, which Young says makes it easier for hackers to guess and remember passwords.

Source - PC World Australia