That's utterly useless.
Bank of America's online banking application has been using this for quite a while now, but they used a server-based solution. It's called a SiteKey, and you select it once, and it's shown regardless of the browser.
The very fact that it's cookie-based makes it just as easy for the phishing site to say "oh, your cookie is gone, create a new seal."
Great concept, horrible implementation.