After three failed logins, one of the financial websites I use shows the following message:
What this message should say, however, is “you must exit your browser OR clear your cookies.” (Yes, after clearing cookies and typing in the right password I managed to log in.) This seems to be another case of feel-good security. A clueless user who doesn’t know about cookies would feel: “Gee, they are really taking precautions.” Meanwhile, anyone who is actually trying to commit fraud is likely to know how to clear cookies in their browser (which takes about 2 seconds in Firefox).
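The following is an added example, not code from the site in question: it assumes the failed-login counter is kept in a cookie, as the behaviour described above suggests, and contrasts that with a counter kept on the server per account. The account, password and all function names are constructed for illustration.

```python
# Added illustration: constructed names and data, not the site's code.
import hmac

PASSWORDS = {"alice": "correct horse"}   # constructed sample account
MAX_FAILURES = 3


def check_password(user, password):
    expected = PASSWORDS.get(user, "")
    return hmac.compare_digest(expected.encode(), password.encode())


def login_cookie_lockout(user, password, cookies):
    """Weak: the failure count lives in a cookie the client controls."""
    failures = int(cookies.get("failures", "0"))
    if failures >= MAX_FAILURES:
        return "locked"
    if check_password(user, password):
        cookies.pop("failures", None)
        return "ok"
    cookies["failures"] = str(failures + 1)
    return "denied"


class ServerSideLockout:
    """Stronger: the count is keyed by account and stored on the server."""

    def __init__(self):
        self.failures = {}  # account name -> consecutive failed attempts

    def login(self, user, password, cookies):
        # cookies is accepted but ignored: client state cannot reset the count
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "locked"
        if check_password(user, password):
            self.failures.pop(user, None)
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        return "denied"


def attempts(login, clear_cookies_each_time):
    """Replay four wrong guesses, then the right password; return the outcomes."""
    cookies, results = {}, []
    for guess in ["a", "b", "c", "d", "correct horse"]:
        if clear_cookies_each_time:
            cookies = {}
        results.append(login("alice", guess, cookies))
    return results
```

With the cookie-based version, discarding cookies before each request means the lockout never triggers; the server-side version locks after three failures regardless of what the client sends. A production lockout would also need an expiry or reset policy, which this example leaves out.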