When will banks use a 'two factor authentication' such as a USB Key and password. Thus access would only be granted if someone had both. Thyis protects against key loggers, and also protects against theft of the USB key (hopefully they will not write the password on the USB Key!)
Alternatively a card swipe could be used on the PC.
Gordon,
That is a good idea, and sadly it might never happen. It would cost money and here in the US banks look at the bottom line. If something like that did happen the customer would foot the bill. Most customers will complain, and forget the value of added security.
HSBC in the UK uses a key-fob like the one PayPal will offer. It creates a pin code that is unique to the device and account. It lasts for about 60 seconds. After that you need a new one. You enter both the random number from the key-fob and your account information to login.
I do not agree that it is not a security problem. There are many ways to identify a user other than login. My bank now looks me up in a database and displays an image that is unique to me on the password entry page. This helps and a phantom site would have to capture much more information to simulate this feature. Other background key exchanges could implemented.
Password access is just too risky to survive. The banks need to take security more seriously before I will place too much relience on on-line banking.
Your Talkback on this Story