If there is one thing that LulzSec has taught us latley, it's that our online security is non-existant. Big companies have skirted and flirted with making me feel safe via "Wish It Was Two Factor". They've made us feel safe by calling the attacks "Sophisticated, Advanced" or saying "There's no way we could have prepared for this". Okay Citi, how about not putting my credit card number INTO THE URL? Just sayin. (Also, thankfully I don't use Citi, if I did, I'd have canceled them)
Banks have recently been court validated to continue performing "Wish It Was Two Factor". For the non-security geeks reading this. Two Factor is by default defined by "Prove you know something (say, a password), Prove you have something (Say a Fob, or RSA dongle, etc)". Prove you know something, and prove you know something, or validate my IP, etc doesn't cut it. Sorry buckos.
You know what's the saddest part? My World Of Warcraft account has better security then my bank, loan accounts, credit cards, and utilities. Combined. Good Job Blizzard. Fuck You American Banking system. Seriously, if my bank wanted to charge me 5 bucks a month, and would give me a RSA dongle, I'd pay it. Heck, for better security, I'd accept a *reasonable* fee.
(On that note, I'd like to give a shout out to the Australian banking system, which does provide RSA Keys for their online banking)