Originally Posted by brokencycle
Even more dumb are these "let us assign you a security picture so you know it is our website" things. WTF. How am I supposed to remember that my bank login image is a battleaxe?
Actually, they just removed that feature and I thought they were a reasonable idea.
Usually there was a sailboat or bike thing I could pick and it is unlikely that some phishing site knows that about me (remember, most of these attacks are automated--so even if you could guess after researching a person for an hour, that is never going to happen in the typical attack scenarios).
But they also had a text entry where you could put a phrase you would always expect to see.
Mine was set to "lickballz"...because no phishing site is ever going to guess that that is a correct phrase, and then I am always expecting to see something offensive when I log into my bank. If I don't see something offensive, there is something wrong.