It was (is?) common practice to have a visual keyboard to enter the password in extremely sensitive applications like banking. This prevents the password from being captured by keyloggers and from being saved by the browser, because malware automatically extract and collect these, which was a very real issue with banking.