为什么银行 App 的安全键盘并不能守护你的账户安全？

Core Viewpoint - The article argues that "secure keyboards" used in mobile banking apps do not effectively protect user accounts and may actually encourage less secure password practices [1][8][14]. Group 1: History and Evolution of Secure Keyboards - The concept of secure keyboards originated from the need to bypass hardware keyloggers in public computers, leading to the development of software-based on-screen keyboards [4][6]. - In 1997, China Merchants Bank launched its online banking service, highlighting the early adoption of internet banking despite low personal computer penetration at the time [2][6]. Group 2: Current Implementation and Standards - Current mobile banking apps in China utilize a "secure keyboard" that replaces standard keyboards with a custom input method, as outlined in various industry standards [6][7]. - The standards JR/T 0068-2020 and JR/T 0092-2019 recommend measures like custom keyboards and character encryption to protect sensitive information [6][7]. Group 3: Limitations and Risks of Secure Keyboards - The article points out that secure keyboards may inadvertently promote the use of simpler, less secure passwords due to user convenience and familiarity [12][14]. - Many secure keyboard implementations restrict the use of password managers, which can lead to users resorting to easier-to-remember passwords, thus reducing overall security [14][18]. Group 4: Broader Implications for Security Practices - The discussion emphasizes that convenience often trumps security in user behavior, leading to the adoption of less secure practices despite the presence of security measures [15][20]. - The article suggests that effective security strategies must balance user experience with robust security protocols, as overly complex systems may lead to user frustration and non-compliance [20][19].