Safety vs usability by Rosbank
Recently, Rosbank decided to raise the level of security of its Internet client.
Rosbank specialists, deciding to protect their customers from keyloggers, have come up with the use of a virtual keyboard to enter the so-called PIN2, and having implemented it with a particular bother to convenience and appearance.
So, in order.
At first, everything seemed to be more or less good with their Internet client. Enter the card number and expiration date, PIN2 - and voila, you can see the movement of funds on the account. What kind of functionality is not, but quite good, considering that it is completely free. For an additional fee, you can connect a full Internet bank, with the ability to pay bills online, etc.
')
Some time ago, they posted a message that says about the threats that lie in the network, in particular, about "spyware (trojan programs)."
And they changed the authorization window, prohibiting input in the PIN2 field from the keyboard, and placed a virtual keyboard, which is worth talking about separately.
When I saw her for the first time there was an eerie contempt for this creature - the crookedly disguised buttons of the smallest size, so as not to miss, you need to strain your eyes and aim at them. The length of PIN2 is 16 characters (thank goodness no more).
Well, well, I thought then, there is nothing to do - it is necessary to enter. Entered Enter Wrong. Well, sometimes wrong. I entered it three times, with all the accuracy and meticulousness in me - nifiga. Already began to doubt their abilities. When I entered the fourth time I noticed that not every click in the password field appears asterisks - i.e. buttons work through time! Having collected all our patience and peace of mind, we take aim at the button, focus on the input field, so as not to miss the lengthening of a number of asterisks merged into one line, click. If not lengthened - click again, making sure that the mouse does not move. Look what the next character on the piece of paper. Hand a little sweated from the hard work, my eyes almost watering. It is dreary, constantly looking from the screen to a piece of paper, it is easy to get confused. Well, why, tell me, do the buttons so tiny, despite the fact that most of the page is empty ?? For eight seconds, I typed the password in my notebook (ay, keyboard spies, Trojans! Goodbye, security!), Placed the windows side by side, divided into groups. In general, I won, I went in, I looked at what was needed, I forgot.
Total: I’m confusing something from this core protection, if I entered my pin2 into a different program, but with a keyboard. Anyway.
Previously, I often used this Internet client, checked my income, controlled expenses - it is very convenient if you pay with a card everywhere.
But after meeting with this keyboard, there was no desire to go there once again.
Subconsciously, knowing what awaits you, try to avoid it.
And today, it was necessary to check how much was written off for several purchases through paypal. Oh ... But there is nothing to do ...
So, I go to the login page ... ooops, something went wrong ...
How much poetry is in the message, how well-coordinated and well written it is ...
The title is “REPEATED !!!” ... Caps, three exclamations ... Emotions - over the edge ... But what is it again? Sign in again? refresh the page? Click Ok - javascript cheekily closes the window. Super. It is impolite, rude to the user.
Trying in chrome ... the same parsley:
We are trying to FF:
Something new ... But things are still there - the state of the account is not recognized.
After several attempts, IE produces the same results as FF, but in the end, the system gives birth to a result.
Glory to you, Lord ...
I do not know how much a virtual keyboard increases security - but using it in this form is completely inconvenient.
Why do ALL the keyboard? Themselves in the " Help " write:
Why all the other keys? To confuse? To drive longer?
As mentioned above, why make the buttons so tiny, despite the fact that most of the screen is empty?
Why is the function “save pin2 to file”, which could, in principle, save the situation, hidden in the “service” menu? Why I’m not asked to do this right after the correct input?
God, give these people a little brain and humanity.
Rosbank specialists, deciding to protect their customers from keyloggers, have come up with the use of a virtual keyboard to enter the so-called PIN2, and having implemented it with a particular bother to convenience and appearance.
So, in order.
At first, everything seemed to be more or less good with their Internet client. Enter the card number and expiration date, PIN2 - and voila, you can see the movement of funds on the account. What kind of functionality is not, but quite good, considering that it is completely free. For an additional fee, you can connect a full Internet bank, with the ability to pay bills online, etc.
')
Some time ago, they posted a message that says about the threats that lie in the network, in particular, about "spyware (trojan programs)."
And they changed the authorization window, prohibiting input in the PIN2 field from the keyboard, and placed a virtual keyboard, which is worth talking about separately.
When I saw her for the first time there was an eerie contempt for this creature - the crookedly disguised buttons of the smallest size, so as not to miss, you need to strain your eyes and aim at them. The length of PIN2 is 16 characters (thank goodness no more).
Well, well, I thought then, there is nothing to do - it is necessary to enter. Entered Enter Wrong. Well, sometimes wrong. I entered it three times, with all the accuracy and meticulousness in me - nifiga. Already began to doubt their abilities. When I entered the fourth time I noticed that not every click in the password field appears asterisks - i.e. buttons work through time! Having collected all our patience and peace of mind, we take aim at the button, focus on the input field, so as not to miss the lengthening of a number of asterisks merged into one line, click. If not lengthened - click again, making sure that the mouse does not move. Look what the next character on the piece of paper. Hand a little sweated from the hard work, my eyes almost watering. It is dreary, constantly looking from the screen to a piece of paper, it is easy to get confused. Well, why, tell me, do the buttons so tiny, despite the fact that most of the page is empty ?? For eight seconds, I typed the password in my notebook (ay, keyboard spies, Trojans! Goodbye, security!), Placed the windows side by side, divided into groups. In general, I won, I went in, I looked at what was needed, I forgot.
Total: I’m confusing something from this core protection, if I entered my pin2 into a different program, but with a keyboard. Anyway.
Previously, I often used this Internet client, checked my income, controlled expenses - it is very convenient if you pay with a card everywhere.
But after meeting with this keyboard, there was no desire to go there once again.
Subconsciously, knowing what awaits you, try to avoid it.
And today, it was necessary to check how much was written off for several purchases through paypal. Oh ... But there is nothing to do ...
So, I go to the login page ... ooops, something went wrong ...
How much poetry is in the message, how well-coordinated and well written it is ...
The title is “REPEATED !!!” ... Caps, three exclamations ... Emotions - over the edge ... But what is it again? Sign in again? refresh the page? Click Ok - javascript cheekily closes the window. Super. It is impolite, rude to the user.
Trying in chrome ... the same parsley:
We are trying to FF:
Something new ... But things are still there - the state of the account is not recognized.
After several attempts, IE produces the same results as FF, but in the end, the system gives birth to a result.
Glory to you, Lord ...
Summary
I do not know how much a virtual keyboard increases security - but using it in this form is completely inconvenient.
Why do ALL the keyboard? Themselves in the " Help " write:
2- 16- - , :
• : A, B, C, D, E, F;
•: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9.
Why all the other keys? To confuse? To drive longer?
As mentioned above, why make the buttons so tiny, despite the fact that most of the screen is empty?
Why is the function “save pin2 to file”, which could, in principle, save the situation, hidden in the “service” menu? Why I’m not asked to do this right after the correct input?
God, give these people a little brain and humanity.
Source: https://habr.com/ru/post/99758/
All Articles