hey for sure, simon. dont get me wrong, i am very much pro security. have been involved in a number of internet banking projects and development, to appreciate the seriousness of the matter. the timeout thing however is primarily to protect one when your desk is unattended, which doesnt matter too much for me since i'm the only one here. as a feature it is good and necessary, i just personally disagree with how it has been implemented here. but enough floggin this poor dead horse. just might get up and kick us in the teeth...
the more serious issues are ones like those covered in the article, on areas that have a financial impact. so as far as additional security goes, i am fully behind OST's aim to constantly improve. by all means, bring it on!