Peter’s post yesterday about Wish-It-Was-Two-Factor authentication reminds us why educating the public about strong authentication is so hard. It’s because banks are lying to their customers.

“You know it’s really us—when you see your SiteKey, you can be certain you’re at the valid Online Banking Web site at Bank of America, and not a fraudulent look-alike site. Only enter your Passcode when you see the SiteKey image and image title you selected.”

Actually, that’s not the case, as a successful attack was made public in April of this year.