Westpac, one of the big banks here down under, recently added some "features" to their online banking to "provide added password protection". As both their IT and security people are brainless monkeys on crack, the "added protection" reduces both security and usability in a major way. Quite an achievement to fuck up that grandly, I'd say.
The new online banking login (have a look at its full broken glory) forces you to enter your password via an online keypad. With the mouse only. Keyboard entry VERBOTEN because it might aid the TERRORISTS. With the mouse cursor nicely visible to any bystander. With only 6-character-long passwords allowed, and only caseless alphanumerics. No TAN system offered, BTW.
Their claim on the help page that "The online keypad was introduced to provide added password protection." is an especially bold slap in the face of anybody with at least a bit of security awareness.
Net results: less usability, because the mouse entry takes ages compared to just typing 6 chars, and drastically less security, because every fool can now see your mouse move around and where you clicked.
Ah well, I sent my bank (who uses Westpac's backend) a complaint and will soon unearth just enough Perl DOM to extract all the crap from their login and build a safe frontend page again...