Indian bank websites are probably most secure. To quote a popular comedian, they are so secure even I can't get in. Besides using two passwords (login pwd and profile pwd), the crazy rules for what your pwd can be, and making you change it every couple of months without reusing any of the previous ones, there is one particular task flow that makes me feel like kill myself. India uses a mode of money transfer called IMPS (Immediate Payment Service), which allows you to transfer funds to any account instantaneously. It is like wire transfer in US but much faster. All you need is the receivers Account Number (no name is required), and receiving bank's IFSC code and the amount. That's it. Here is how most banks implement it -
1. Go to the IMPS screen and then manually type in the 16 to 20 digit account number. You probably got the receiver's account number in an email or a whatsapp message. But you can't copy and paste it into the field. You have to manually type each digit. So you keep flipping between the two screens.
2. Once you enter the account number, this field becomes invisible. Yes, invisible. You can't see what you just typed. A new field is displayed where you need to type the same freaking account number again. This is apparently to make sure that you are sure about the receiving account number. Of course, you can't copy paste. God forbid if the numbers don't match.
3. Now, to the IFSC. This is an 11 digit number. If you don't know the receiving bank's IFSC code, you need to google it up separately using the bank name and location. Rules for entering the number are same as above. So some more screen flipping.
4. Next is the amount, which is the easiest to enter because you probably have that number in your head.
5. Hit submit and you will invariably get a message saying, "You session has been timed out. Please login again.". Now you see, why I quoted the comedian above?
I have to use two separate machines and one helper to read out the numbers from the second machine as I type them in the screen to ensure that I am able to complete the request before timing out.