if all my bank wanted from me was my online account number and 3 digits from a 12 didgit pass then i would be changing banks ASAP
all a person would need to attempt to logg in would be the account number and a good piece of software that could go thru every 3 diget combinations (under 500k) that could be done in under an hour
Blimey! so would i!!
In this particular case you log in with an 8 digit username (sent by post) and a password of your choosing, then you are taken to a different screen where it'll ask you for say the 2nd 6th and 10th digit of a different 12 digit password, these are selected from a dropdown list (can computer programs use dropdown lists) such as in the address bar of internet explorer. Only then if correct can you gain access to the site.
This is by far the best security i've come across and i have all my credit card, other bank acounts etc online.
Again though it could theoretically be guesses though the username is random letters numbers etc.
As for your question Tikay, if someone logs into your account using your username and password tough!
Sites do not have policies for reimbursing you for this type of fraud whereas banks do (if someone withdraws money from your account/card you just sign a form to say you didn't do it and they will give you the money back!!)
Poker sites do however have policies designed to stop money laundering, if you dump chips off and they see it they can and freeze your account!!! The great Pokergirl1 will attest to that, i think primapoker froze 50k of his cuz they said he did this, not sure of the outcome though.
I once read somewhere that some of these computer programs will EVENTUALLY be able to get into any username/password guarded site. Though some believe it or not are stored in the cgi bin itself (this is a little complicated to explain but it can be accessed thru the website address).
Ian