Sunday, August 13, 2006

How Can A Keypad Enhance Security?

I have several accounts that require me to use an online keypad to enter my password to get access to my accounts.

First is this from INGDirect, a small keypad with 10 keys to input 10 numbers and 10 letters. When I first setup my ING account, the password was a 4-digit PIN. Since I haven't update my password after ING adopted the keypad, I am not sure if letters are allowed in the password now. However, by providing a keypad with only 10 letters, ING effectively limits possible password combinations. Is this good for security? I don't know.

Second is this from HSBC if I want to go to the Bank-to-Bank transfer section. It's a bigger keypad with 10 numbers and all 26 letters.

Finally, a huge one from TreasuryDirect that have almost all the input keys you can find on your keyboard.

Well, I have to say that I didn't see any added security values of providing online keypads at all. Everything I can find on these keypads are there on my computer keyboard. However, with my keyboard I can choose some special characters if allowed. I also can put capital letters in my password combination. With the keypad, as comprehensive as the one from TreasuryDirect, I am not sure if I can enter capital letters. Or I still have to use the Caps-Lock key from my keyboard to do that. If that's the case, why bother using the keypad. And can't I just use my Backspace to delete what I entered? I don't feel using the Backspace key to clear the characters one-by-one is too much trouble compared to using the Clear key on the keypad to clear them all at once.

Even worse for ING and HSBC, a smaller keypad means fewer combinations of in passwords. Some websites actually encourage people to use special characters in their passwords. With these two, we simply don't have that choice.

So by providing a keypad to enter the password, are they enhancing the security or limiting it?

Digg this!   |   Add to   |   Yahoo


Post a Comment

Links to this post:

Create a Link

<< Home