Bank of America is adopting some new schemes that might help. First, they're asking users to select a picture the user selected at registration time. The theory is presumably that a phishing site won't have the right image for you. Second, you can "register" your computer; if your account is accessed from another computer, additional authentication is demanded, thus rendering a compromised password much less useful.
I think both schemes will help; I doubt that either will stop the problems. http://www.bankofamerica.com/newsroom/press/press.cfm?PressID=press.20050526.03.htm --Steven M. Bellovin, http://www.cs.columbia.edu/~smb --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]