Is there a good newsgroup for internet security (not involving viruses or malware)?
Until then, this is what I got when I logged into my bank account just now to check my balance:
"We're simplifying the way you sign in
You'll soon be able to sign in with one step by entering your Online ID and Passcode on the same page. SiteKey® the image you used to see before entering your Passcode is no longer part of the way you sign in to Online Banking.
This simpler sign-in will be introduced on our different sites before the end of the year.
To help ensure you're on the real Bank of America website before you sign in, check your browser address bar for:
www.bankofamerica.com Green text/shading Lock icon "
Of course that is the way it was originally, putting in the ID and password on the first page. That was it for the first few years.
It was their idea to have a SiteKey in the first place, an image that they chose that I would see on the screen that showed me I was actually communicating with whom I thought I was, the bank**. Now they have 3 things, the list at the end above, but none of them are personalized for me. Anyone with an account would get these same three things and could duplicate them in a phony site (the existance of which, one which would intercept my attempt to get to them, was a concern when they came up with the SiteKey".
**Because no one else would know what they showed on my screen. Even if there were a key-logger on my computer, it wouldn't read what came in, iiuc, that is, the sitekey, the little sketch they showed me and maybe 1000th of their online customers. (That is, they had 1000 sketches, and if I didn't get the one I expected, I should stop what I was doing and not put in my password.)
Do you do online banking with other banks? Do they have something like the SiteKey, a password or picture they send to you, instead of the other way around, so that you know you're talking to them, in the same way they want a password from you so they know they're talking to you?