Comment No. Use one time passwords or parallel auth (Score 1) 138
Some banks issue a key fob for which generates a 6 digit number when the button is pressed. To logon to the bank's website you need your username, your password and a six digit number. This provides two factor identification - that which you know (username and password) and that which you have (keyfob to generate the one time password).
This system works very well. You can't logon to the bank's internet banking website without both whatyouknow and whatyouhave and once you are logged in you can not use major functions without generating a key using the fob which prevents someone taking over the session. This security provides solid protection from most types of automated and associated attacks including some MITM. I was very impressed with this system and heartily endorse it.
Other banks have two factor authentication using SMS or other side channels. Another bank I have an account with uses SMS as a side channel to confirm that the user at the computer is the user who owns the phone registered with the bank. This is similar to the key fob in that you need to be able to receive the SMS to make changes to the account using the bank's internet banking website or major functions like large money transfers or adding a new account to transfer money to. Again, this works quite well.
In both cases this is not about perfect security it is about increasing the cost and effort involved for an attacker to compromise the system.
I will never willingly give my fingerprints or any other biometric data. Yes, I know, someone could go all CSI on me and take my prints off of my glass when I put it down at the pub.
This idea of biometric identification needs to be shot down and buried. Perhaps in a future time we will have the infrastructure to support this and it may well be feasible but for now we have two factors systems which are in the field and work well.