When Vanguard mass emailed me about their new security features, my mind immediately jumped to the 234098 questions Emigrant Direct  made me answer as part of their new security feature enrollment process. Luckily, Vanguard was simply instituting a common anti-phishing technique that involved multi-stage logins, only three personalized questions, and a personalized image that only they could possibly know.
Honestly, I think it’s more important, but less cost effective, to instead education consumers on the various phishing scams out there. I remember sitting at work about a year ago when someone in the next cube received a classic phishing email from eBay. Now, I didn’t think this particular engineer was incredibly computer savvy (though he was like 40 and about two promotions higher than me on the basically meaningless hierarchy there) but he had no idea what it was. He easily spent about 30 minutes talking to my manager and other people about it, as if he had no idea what was going on. What made it even worse was the fact that he didn’t even have an eBay account (though he knew what eBay was). The moral of the story is that everyone should know that you should not log into sensitive sites (banks! brokerages!) from public computers and don’t click on links in emails. Emails are evil!
I do applaud Vanguard in adding these features, even though they’re a little late in the game. While it’s a little extra headache, if it’ll reduce fraud and how much Vanguard loses as a result of fraud – I’m all for it. Just don’t pull an Emigrant and ask so many darned questions.