Training users to rely on specific non-ubiquitous security context

An example of how users are being trained in "bad" security habits.

See also: Action-39

Bank of America's site tells users: "If you recognize your Site Key, you'll know for sure that you are at the valid Bank of America site."

The statement puts the user in a position of relying completely on Site Key, and more or less tells them it's OK to ignore any other security information they might be shown.

This presents two problems.