Here's an out-of-the-box thought. What if I require more than one password on my sign-in page? Would that confound the phishing bots? (If so, then I could even allow the client to enter relatively easily remembered passwords.)

grNadpa