I just had a nutty idea to use against phishing scams:
When I visit a financial site, it generally requires me to enter a username and a password or PIN number in order to recognize me.
What if the sites I deal with included some personalized passphrase or shibboleth in every communication sent to me? That way, I'd recognize that that message came from some source with which I'd shared that code or mark, and that it wasn't a spoofed mass-mailing from an outside phisher. It'd be like them authenticating with my brain.
For example, say that my bank included the phrase "Oh, and say hello to Francis for me" in every email I received. Or maybe they chose from a set of 10 literary quotes pre-selected by me.
Now, assuming that financial sites didn't regularly expose their counter-password database, this might just work. Too complicated? Also, I don't think counter-password is quite the right phrase.
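To make the idea concrete, here is a small added example (my own illustration, not code from the post or from any bank): the sender keeps each customer's chosen phrases, stamps one of them into every outgoing message, and a check on the receiving side recognizes a message only if it carries one of that customer's phrases. The user names, phrases, header name and in-memory store are all constructed for the demo.

```python
"""Personalized anti-phishing phrase ("counter-password") demo.

Added illustration of the idea in the post, not code from any bank or
vendor. All names, phrases and the in-memory store are constructed.
"""
import hmac
import secrets

# Constructed per-user store: the phrases each user picked at enrollment.
# The sender must keep them in clear text because it has to put them into
# the email, so this is exactly the "counter-password database" whose
# exposure the post worries about; treat it like any other credential store.
_PHRASE_STORE: dict[str, list[str]] = {}

# Assumed header name used to carry the phrase (any fixed, documented
# location in the message would do; a line in the body works the same way).
PHRASE_HEADER = "X-Personal-Phrase: "


def enroll(user: str, phrases: list[str]) -> None:
    """Record the phrases the user chose. Rejects empty or duplicate sets."""
    cleaned = [p.strip() for p in phrases if p.strip()]
    if not cleaned or len(set(cleaned)) != len(cleaned):
        raise ValueError("need a non-empty set of distinct phrases")
    _PHRASE_STORE[user] = cleaned


def pick_phrase(user: str) -> str:
    """Sender side: choose one of the user's phrases at random for this message."""
    return secrets.choice(_PHRASE_STORE[user])


def compose_email(user: str, body: str) -> str:
    """Sender side: build the outgoing message with the phrase on a fixed header line."""
    return f"To: {user}\n{PHRASE_HEADER}{pick_phrase(user)}\n\n{body}\n"


def recognize(user: str, message: str) -> bool:
    """Receiver side: does the message carry one of THIS user's phrases?

    In the post the check lives in the user's head; here a mail filter
    consults the same store, which is a simplification for the demo.
    Only the header block (up to the first blank line) is examined.
    """
    mine = _PHRASE_STORE.get(user, [])
    for line in message.splitlines():
        if line == "":
            break  # end of headers; nothing in the body counts
        if line.startswith(PHRASE_HEADER):
            candidate = line[len(PHRASE_HEADER):].strip()
            # constant-time comparison against each enrolled phrase
            return any(hmac.compare_digest(candidate, p) for p in mine)
    return False


if __name__ == "__main__":
    enroll("alice@example.test", ["Oh, and say hello to Francis for me",
                                  "Call me Ishmael."])
    real = compose_email("alice@example.test", "Your statement is ready.")
    fake = "To: alice@example.test\n\nDear customer, please verify your account.\n"
    print("real message recognized:", recognize("alice@example.test", real))
    print("phisher's message recognized:", recognize("alice@example.test", fake))
```

Two things the code makes visible that the post only hints at: the sender has to hold the phrases in the clear, so a breach of that store defeats the scheme for every customer at once; and because `recognize` accepts any enrolled phrase, a phisher who has seen one genuine message can replay its phrase, so the set of phrases has to be treated as secret on the receiving side too, not just remembered.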