By Hiawatha Bray, Globe Staff | December 29, 2006
....
If someone tries to log in from a machine that isn't fingerprinted,
> the bank will send a confirmation message to the customer's e-mail
> address. A crook who's stolen somebody's user name and password
> probably won't have access to the victim's e-mail account, so he can't
> reply to the message, and won't be allowed to log in.
>
formatting link
Mmmmm, seems to me if someone has stolen the victims lap-top that the email account could still reside there so they really should NOT send new password to the user's email account!
If your laptop is stolen you need to have a list of all critical accounts that need to be notified!