Rabodirect doesn't have password as such

[rbywater]

I'm not sure if this is what footnote 4 refers to or not but Rabodirect doesn't have any direct password/pin that is entered in the webpage. Instead the pin number is used to unlock the token which is used. (i.e. the Vasco token is actually the only auth mechanism used)

[ryankurte]

Oh really? So there's no password step, just pin unlock for the token?

[36wish]

Yes. You use a 5 digit pin to unlock the token, which then generates an 8 digit code you enter into the website.

Each time you transfer money out of the account, the website will display a 8 digit code. You enter that code, plus your 5 digit pin, into the token. The token then generates a 8 digit code that you type back into the website.