There is a serious problem in this proposal: they want to disallow all keys not on a whitelist, and that whitelist does not include letters. Which would mean no WASD movement. While the intent is good (prevent phishing), I think a better solution is still needed.