BoingBoing has a post about how citibank’s on-screen keyboard is defeated by Trojans.
A new trojan that records screen-movies has been discovered in the wild; the malware specifically captures your mouse as you laboriously enter your password into banking sites that use on-screen keyboards to defeat keyloggers
Its time the pin heads running the banks start providing two factor authentications. With the spread of cell phones its time the Banks use a two factor scheme where the tokens can be obtained via an SMS on the cell phone or use Cellular Authentication Token. Simple user name / password schemes are archaic and have lived beyond their purpose.
