I just saw an ad on TV from Bank of America touting a new anti-phising measure.
From what I could gather, you can pick or upload a picture. When you’re using the BOA Web interface, that picture will be displayed somewhere on the page.
The idea behind this is that a phishing site wouldn’t know what picture you had picked, so they couldn’t display it. So if you pick a picture of your cat, then you just need to make sure Fluffy is staring back at you from every page. That way you know you’re still on the BOA site and haven’t been hijacked by phishers.
Good idea? I’m not really sure.