I saw recently a customer who added the virtual keyboard in the loggin page to prevent keylogging attacks. I've never been realy confident in such mechanisms (that are really annoying) to add some extra security level, and in this case, writing a Greasemonkey script to disable it is trivial:
Does anybody knows if the virtual keyboard has evolved from version 6.3 ?
I have upgraded from 6.x to 7.x and I don't think the VKB has changed at all. well not cosmetically.
The VKB option is only available to Admins but I plan to roll this out to the masses.
Right now I use a solution from Safeword which works great for secondary authentication via a OTP.
However, I have 60+ key fobs in circulation and only a handful of people really use the IVE.
By implementing the VKB and in conjunction with a tight password policy I am going to dump Safeword in the next few months.
The built-in virtual keyboard is just a sample to demonstrate what can be achieved using the Custom Sign in Page framework.
Well, thank you for your response, but I am not really agree with you: it is marketed as a feature, and anyways, if such a function can only be done at the client-level (without interaction with the IVE), it will never be secure.