My bank recently made changes presumably intended to improve the security of their Android app, which have the side effect of reducing security on their web site. The problem is that it's hard to type a decently secure password on a virtual keyboard. Their app previously recognized this by allowing me to set a less secure password for the app, that could be reliably typed on a cell phone, while keeping a more secure password on the web site. You had to provide the web password once, when setting up the app, and never again. Lesser password security on the app was OK with me, because a potential cracker would need physical possession of the phone - unlike with the web app. They recently "fixed" this. Now the customer can choose between changing their password to something cell-phone appropriate, like "123"; getting locked out for repeated typos; buying an external keyboard for the cell phone; or not using the app. I'm thinking of returning to turning up at the branch with a stack of cheques to deposit, looking as elderly as possible, and when they try to get me to use the app, explaining that recent changes to it make it no longer work for me, or perhaps any other seniors. I probably won't do that - too much like work, and I haven't so far gotten myself locked out - but it's a prime pain in the tail. The app won't accept the password direct from my password safe, unlike the web site, making this an even bigger nuisance. But this just reinforces my belief that their security people are less than competent, and routinely score own goals at the expense of both the bank and its customers.