MyPay login has changed
Patrick from Cashmoneylife beat me to this one, but sometime within the past week, the DFAS pay site, Mypay, has changed the security style of their login page. Instead of typing in both your user ID and password, you now use a "virtual keyboard" to input your password. The virtual keyboard's layout changes each time the page is reloaded, but don't worry, the letters and numbers stay on their correct keyboard rows. The theory behind this is that keyloggers will not catch your password. If you do not have a mouse, you can use the tab and spacebar keys to enter your password (though, admittedly, I had NO SUCCESS with this).
I first saw this change on Thursday and I was amused but am not sure how helpful it's going to be. For one thing, it's terribly easy for someone to look over your shoulder and see you selecting your password, letter by letter. For another, it looks like you're *screwed* if you don't have a mouse or a touchpad, since arrow keys don't work, and apparently the tab and spacebar feature isn't working like it's supposed to. I suppose the protection against keyloggers is a valid point, though the actual login ID isn't entered on a virtual keyboard, which would still enable thieves to obtain it.
I wonder if this method of login will become more widespread, and I wonder if it will actually help prevent ID theft.
I first saw this change on Thursday and I was amused but am not sure how helpful it's going to be. For one thing, it's terribly easy for someone to look over your shoulder and see you selecting your password, letter by letter. For another, it looks like you're *screwed* if you don't have a mouse or a touchpad, since arrow keys don't work, and apparently the tab and spacebar feature isn't working like it's supposed to. I suppose the protection against keyloggers is a valid point, though the actual login ID isn't entered on a virtual keyboard, which would still enable thieves to obtain it.
I wonder if this method of login will become more widespread, and I wonder if it will actually help prevent ID theft.
Labels: military pay
3 Comments:
I agree, there are some limitations to this security feature, but it is an improvement.
If I had a choice, I would have preferred the virtual keyboard for the LoginID over the PIN, given the sensitive nature of the LoginID.
I'm also not too worried about someone looking over my shoulder because I always access myPay from the privacy of my home. But I know that does not apply to everyone. It's a good thing the letters/numbers are small!
I came across the "virtual keyboard" the first time through my HSBC account. There they have you type a password through regular keyboard *and* enter a differnt pin via the virtual keypad. Even though it takes longer to login, I think overall it improves the security quite a bit. Due to the layers of security it makes it really difficult for an identity thief to steal login ID, password and PIN, entered using two different means. Like Patrick, even I access my account mainly from home and am not so worried about someone looking over my shoulder.
Virtual Keyboard is actually one of the best ways to protect your pc against keyloggers. I know, that one anti-keylogging software, Privacy Keyboard, which BTW places the first place on www.anti-keylogger.org site uses this techology.
Post a Comment
Links to this post:
Create a Link
<< Home