On Tue, 8 Feb 2000, Andre L. Dos Santos wrote:
Many Virtual Banks rely on a fixed length personal identification
number (PIN) to identify a user. Some banks, allow access to all of
their online operations after a successful identification, others
require additional identification, like social security number, maiden
name or an additional PIN.
You don't mention x509 authentication in your analysis at all. IMHO, your
not doing anything here other than bringing up the age old technique of
brute forcing weak passwords in a circuitous way.