<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    You say that as if keystroke logging trojans can't also do
    mouse-click-with-screen-grab logging...<br>
    <br>
    Floating virtual keyboards are security theatre, nothing more.<br>
    <br>
    <div class="moz-cite-prefix">On 26/06/15 08:30, Ivan Jukic wrote:<br>
    </div>
    <blockquote
cite="mid:CAMUcLQjO9SxqBBsRSNfg=6hOZh040J4koCcWS1V5MXEyhHCSeQ@mail.gmail.com"
      type="cite">
      <meta http-equiv="Context-Type" content="text/html; charset=UTF-8">
      <div dir="ltr">Granted it uses 6 digits, silly I know in the
        conventional sense. However, correct me if I am wrong. You need
        to enter the password using a floating virtual keyboard. So
        keystroke logging and brute force/dictionary attacks should not
        be an issue...<br>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On 26 June 2015 at 08:23, Scott Howard
          <span dir="ltr"><<a moz-do-not-send="true"
              href="mailto:scott@doc.net.au" target="_blank">scott@doc.net.au</a>></span>
          wrote:<br>
          <blockquote class="gmail_quote">
            <div dir="ltr">You forgot to mention :
              <div><br>
              </div>
              <div>Westpac - maximum 6 digit passwords for Internet
                Banking. No special characters allowed.  No upper/lower
                case distinction. (But at least it's better than their 3
                digit phone PINs)</div>
              <div><br>
              </div>
              <div>SSL is pretty much the least of Westpac's problem
                when it comes to Internet Banking security...</div>
              <div><br>
              </div>
              <div>  Scott</div>
              <div><br>
              </div>
              ...</div>
          </blockquote>
        </div>
      </div>
    </blockquote>
  </body>
</html>