Two researchers at Indiana University recently found a weakness in Bank of America’s SiteKey technology. Unlike Telesign’s Two Factor Authentication, SiteKey allows banks to display a personal image of the customer’s choosing when he or she logs into their online banking account. The two researchers were able act as a “man in the middle” and successfully obtain a user’s SiteKey in a phishing attack, grating them access to the account.

Telesign’s Two-Factor Authentication creates a strong defense against such attacks; an attacker would have to have gained access to a victim’s phone as well as their username and password in order to successfully gain access to their account. SiteKey is an obsolete defense in comparison to Telesign’s Two Factor Authentication.  Wouldn’t you want your online bank records to receive the highest level of security ?