The whole “personalised login page” is a bit of a security myth in my view. The smart attacker will simply proxy the live login page, so you’ll see whatever you’d normally see. Then once you’ve logged in, they kill your session and take it over. It’s not particularly hard to do, and it bypasses almost all forms of security.

Much better, in my opinion, is challenge / response type questions. So tell us one of 5 pieces of information we hold on you. Or please enter the 3rd, 6th and 1st characters of your password.

My bank uses both of these approaches. So short of proxying my live session, it would be nearly impossible to steal my login info. You’d need to watch me log in at least 5 times, and probably more like 10.