How Much Security is a Picture Worth?

Banks have been picking up on this (pdf) trend lately, that is, having a “personalized” picture to greet you when you login to your online checking account. As pointed out by Laura, it is a cheap and fake version of two factor authentication.

The idea is that after you enter your account number (or something similar) you are presented with a customized picture that “proves” you are logging into the correct site. The problem is that users only notice the image once or twice and then are quickly desensitized to the fact that it is even there.

It also teaches people to trust what they see on the screen. “If it looks like my banking site, it must be my banking site” mentality. Users (everyone) are/is lazy and will do everything possible to avoid picking up a phone.

If your picture is not the cute little Pug you selected you’d most likely wait until Ms. Bad Lady goes and buys 15 iPods with your checking account number before you even think of calling the bank.

…and grudgingly at best.