Wonkiest New Security Feature Yet

My Money Blog has partnered with CardRatings for selected credit cards, and may receive a commission from card issuers. All opinions expressed are the author’s alone, and has not been provided nor approved by any of the companies mentioned. Thank you for your support.

I logged into my TreasuryDirect account today, and what do I see?


User Generated Content Disclosure: Comments and/or responses are not provided or commissioned by any advertiser. Comments and/or responses have not been reviewed, approved or otherwise endorsed by any advertiser. It is not any advertiser's responsibility to ensure all posts and/or questions are answered.


  1. Who in the world designed this? It’s completely ludicrous. All these new security features are definitely getting annoying, but that one takes the cake.

  2. Yep. Encountered the same thing this morning. Just a slightly expanded version of what ING does. Give em credit for at least trying to improve their security.

  3. Just found out from Fatwallet that if you disable Javascript in your browser, you get a regular text form.

    I’m assuming that they are trying to weed out mouse-tracking viruses as well as keystroke loggers. What’s next, 3-D glasses to avoid malware that takes screenshots too?

    I hope Yodlee finds a way around this too.

  4. You get the same thing in HSBC’s bank-to-bank transfer.

  5. If you click on the link below the keyboard, it tells you all about it. Pretty interesting too.

  6. I appreciate it. But I’m paranoid. And rightly so.

  7. Yeah, I suppose the added security is good. The keyboard at least has bigger buttons than HSBC does. Yodlee still works to sync, so I’m a happy camper. Just found it amusing 🙂

  8. Apparently this is for those that may unknowingly have a software keylogger installed. In very rare cases you may have a hardware keylogger. See more here: http://en.wikipedia.org/wiki/Keystroke_logging

  9. This is part of a set of security features that banks are implementing to protect against account theft with keyloggers.

    The regulatory organization FFIEC published a proposed regulation a few months ago requiring all US banks to use “strong authentication” on any areas that involve high risk or high value transactions (such as bank-to-bank transfers). Expect to see more of this.

  10. So you cannot have case sensitive passwords..?

  11. Steve the K says:

    It says passwords are not case sensitive.

    I hate it. What a PITA. The small buttons on HSBC are bad enough, now they scramble the keys so you have to go hunting and searching for the next character.

  12. The keyboard system is a joke. At least they could have made it a standard layout. I find it interesting when a site talks about security but doesn’t allow complex passwords.

  13. I haven’t even logged into ING because of the new security feature. Too annoying to go through that process.

  14. I tried a version of Yodlee that I thought was horrible, then I searched around a little bit and am using a version that I really like, much better than EverBank in my opinion, and as you said it’s working with TreasuryDirect. Very nice.

  15. You can use Roboform to avoid having to use the scrambled on-screen keyboard.

  16. Why is anyone complaining about “strong” passwords? The key to creating a password is using several types of characters, and with this system numbers, letters, and symbols are all usable characters, which is more than adequate for creating a secure password. Beyond that, the next thing to take into account when creating passwords is that it is different from the passwords that are on less secure accounts (free online mail, online poker, eBay, etc.) or any other password for that matter. The last thing to think about with passwords is length; at 8 characters hackers can be successful with brute force attacks. This technique becomes much more difficult with more than 8 characters. That being said, all these criteria can be met by this system and it adds a dimension that is not added when typing a password into a web text field, which is encryption of the input. So all characters typed with the web-based keyboard are all encrypted before being sent. This is a very important security step considering all of the viruses that are floating around.

  17. Indexfundfan – I use Roboform, and it does not work for the password on the Treasury Direct site. Have you tried it?

  18. I think this is great.

  19. I don’t mind it.

  20. I don’t get this at all when I log into my treasury direct account. It only asks me for an account number.

    What kind of account do you have that it prompts you for this password? Heck, I didn’t even know they had passwords on their accounts (how’s that for poor security?)

  21. My beef is that my password is now too long for the new form. So I can’t even log into the account. I wish they would have warned us.

  22. To Tim: I stand corrected. When I first tried to login, Firefox filled in the password for me and I mistakenly thought it was done by Roboform. I have since confirmed that Roboform was unable to fill in the password. My apologies.

  23. For those of you who (like me) find this “feature” utterly annoying, you can use Firefox + Greasemonkey and the following userscript to counteract the restrictions on entering your password directly and having Firefox remember your account & password. The on-screen keyboard is still there and can still be used if desired, and you don’t have to have Firefox remember your password if you wish, so you really lose nothing but gain a ton of convenience.


  24. i just tried this site and it’s makin me crazy! there’s a balance between security and usability and this site definitely hasn’t found it. if either the organization or the customer needs that much security, they need to figure something else out or not use the web. i’d rather go to a bank and stand in line. you also can’t use previous or next buttons (which i often use without even thinking) else it boots you off and you have to go through the whole login process again.

  25. It’s still much easier than going to the bank. It takes only a few minutes to log in. When I purchase savings bonds at National City, I find that the tellers aren’t familiar with the products they sell. They don’t understand which bonds are sold at face value and which ones are sold at half of face value. I have to explain the parameters to the tellers!
