Several sites, for example Bank of America (I remember Yahoo doing this too when I used my Yahoo account), show a SiteKey or similar image that the user selected, after the user enters their username but before entering the password. Allegedly, this ensures that the login page is unique for each user, so the phisher can't just show a static login page that looks like the bank's site. But what prevents them from simply hitting the bank's website in the background and relaying the image (or whatever other security challenge) to the user? I'll grant that this makes the phisher's job a little more difficult, but to me it really doesn't seem that valuable. What is the rationale for this behavior?
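To make the relay the question describes concrete, here is an added simulation; it is not code from the original post, from Bank of America, or from any real SiteKey implementation, and the usernames, image paths, IP addresses and class names are constructed for illustration. It models the two-step flow (image returned on username alone, password sent only after the user checks the image), a static phishing page that fails that check, and a relaying phishing page that passes it by fetching the image from the real bank. The bank's request log also shows the one signal the relay leaves behind: both requests arrive from the phisher's address rather than the user's.

```python
"""Simulation of a SiteKey-style login and two kinds of phishing site (constructed example)."""
from dataclasses import dataclass, field

# Constructed enrollment data: username -> image chosen at enrollment, and passwords.
BANK_SITEKEYS = {"alice": "img/blue-kayak.png", "bob": "img/red-barn.png"}
BANK_PASSWORDS = {"alice": "correct horse", "bob": "hunter2"}

USER_IP = "198.51.100.7"      # assumed address of the victim
PHISHER_IP = "203.0.113.9"    # assumed address of the phishing server


@dataclass
class Bank:
    """The real site. Step 1 returns the image on username alone; step 2 checks the password."""
    sitekeys: dict
    passwords: dict
    request_log: list = field(default_factory=list)

    def sitekey_for(self, username, client_ip):
        self.request_log.append(("sitekey", username, client_ip))
        return self.sitekeys.get(username)

    def login(self, username, password, client_ip):
        self.request_log.append(("login", username, client_ip))
        return self.passwords.get(username) == password


@dataclass
class StaticPhisher:
    """A copied login page: it has no idea which image the victim enrolled."""
    harvested: list = field(default_factory=list)

    def sitekey_for(self, username, client_ip):
        return "img/generic-lock.png"  # best guess; almost never the victim's image

    def login(self, username, password, client_ip):
        self.harvested.append((username, password))
        return True


@dataclass
class RelayPhisher:
    """A phishing page that forwards each step to the real bank in the background."""
    bank: Bank
    ip: str
    harvested: list = field(default_factory=list)

    def sitekey_for(self, username, client_ip):
        # The bank sees the phisher's address here, not the victim's.
        return self.bank.sitekey_for(username, self.ip)

    def login(self, username, password, client_ip):
        self.harvested.append((username, password))
        return self.bank.login(username, password, self.ip)


def user_login(site, username, password, expected_image, client_ip=USER_IP):
    """What a careful user does: verify the image, and only then type the password."""
    shown = site.sitekey_for(username, client_ip)
    if shown != expected_image:
        return "aborted: wrong sitekey"
    return "ok" if site.login(username, password, client_ip) else "bad password"


def run_scenario():
    """Run alice through the real bank, a static phish, and a relaying phish."""
    bank = Bank(dict(BANK_SITEKEYS), dict(BANK_PASSWORDS))
    static = StaticPhisher()
    relay = RelayPhisher(bank, ip=PHISHER_IP)
    return {
        "direct": user_login(bank, "alice", "correct horse", "img/blue-kayak.png"),
        "static": user_login(static, "alice", "correct horse", "img/blue-kayak.png"),
        "relay": user_login(relay, "alice", "correct horse", "img/blue-kayak.png"),
        "static_harvested": list(static.harvested),
        "relay_harvested": list(relay.harvested),
        "bank_log": list(bank.request_log),
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The static page is exactly what the image is designed to stop: the user never types the password because the image is wrong. The relay page defeats the check for the reason the question gives, and the only trace is in the bank's log, where both the image lookup and the login for alice come from `203.0.113.9` instead of her own address. Whether a site can act on that depends on what else it ties the first step to, which is outside what this simulation models.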