Saturday, December 19, 2009

New MyPay Bookmarklet

MyPay Virtual Keyboard Remover v 2.0:
Works with Firefox, Safari, and Chrome. Drag it to your bookmarks or your toolbar. You need to establish a username and change your password through the virtual keyboard first. Once you have done that, use the bookmarklet to disable the virtual keyboard on subsequent logins.
Before:
After:

Wow, a New Standard for User Interaction

MyPay recently overhauled their interface and made it more "secure." I have my doubts, but they certainly have changed how they interact with the user.


I was a bit speechless. Pleading with users is new, but maybe it'll work for them. Apparently it'll be the only thing working for them:
Although most users have established their new login credentials with no trouble, some users are calling the Central Customer Support Unit for assistance. As a result, customer support is experiencing high call volume, and many customers are waiting on hold longer than usual.

We apologize for any inconvenience this may cause. We are doing everything possible to remedy this situation.
I have a few doubts that "most users" had no trouble. Maybe, just maybe, it's because of your continued use of the ridiculous virtual keyboard. Yes, you've increased the password complexity requirements (which actually increased security), but slaughtered what little usability you had. I promise you that getting rid of it will "remedy this situation."

MyPay, I think it's time that you get rid of the SSO or Admiral/General that once had a keylogger placed on his system and has perpetuated this paranoia. There is a risk/cost analysis that obviously has not been done and is probably costing the taxpayer millions in unnecessary support desk costs. Perhaps using the same standards that the rest of the DoD uses, the DISA STIG, could provide you with a more rational approach for implementing security. I'll even be happy to help you understand all of the super-secret requirements that are available on their website.

I'm just sayin'...