According to a demonstration by Chris Soghoian over at CNet, Bank of America’s “SiteKey” picture authentication feature can be spoofed by phishers and is, basically, worthless.
sitekey
Bank of America's "Perfect" Security System Actually Vulnerable To Phishing
By 4.13.07
Bank of America has an online security measure called SiteKey and says, “[W]hen you see your SiteKey, you can be certain you’re at the valid Online Banking website at Bank of America, and not a fraudulent look-alike site.”
