Study suggests flaw in bank sites' security
Internet security experts have long known that simple passwords do not fully defend online bank accounts from determined fraud artists. Now a study suggests that a popular secondary security measure provides little additional protection.
The study, produced jointly by researchers at Harvard and the Massachusetts Institute of Technology, looked at a technology called site-authentication images. In the system, currently used by financial institutions like Bank of America, ING Direct and Vanguard, online banking customers are asked to select an image, like a dog or chess piece, that they will see every time they log in to their account.
The idea is that if customers do not see their image, they could be at a fraudulent Web site, dummied up to look like their bank's, and should not enter their passwords.
http://news.com.com/Study+suggests+flaw+in+bank+sites+security/2100-7355_3-6156089.html