An article in the New York Times today discusses a recent study by MIT and Harvard that examines the efficacy of the technology called site-authentication images.  (If you do online banking, you may be familiar with this technology. You are asked to choose an image, and create a phrase that goes along with the image, and you are advised not to proceed with your online transaction unless you see both the image and the phrase when you log in.)

As it turns out, there's actually nothing wrong with the technology itself, it's merely that users tend to disregard the directives. During the course of the study, 58 out of 60 users logged into their accounts anyway, though they did not see their picture and phrase. Only two declined to log in.

Chalk it up to more "stupid human tricks," I guess. Read the full article here: http://www.nytimes.com/2007/02/05/technology/05secure.html?_r=1&oref=slogin.

TES