Jon Udell at InfoWorld - Watching out for our own security:
"Desktop and server operating systems know, and can report, when you’ve logged in and what you’ve been doing. True, a savvy impersonator can erase her footsteps, but if you’re motivated to look, there’s a decent chance you can detect an intrusion.
Applications and services delivered through the Web usually don’t afford the same opportunity. If a failed password-guessing attack triggers a temporary lockdown of my online bank account, I have some hope that I’ll be promptly notified -- though I’m not about to try the experiment in order to find out.
But what if shoulder-surfing or a lucky guess yields up my credentials to an evildoer? Typically there’s no way for me to monitor the account for amounts, times, or IP addresses that only I would recognize as suspicious.
They should at least show me the last log-in time. A more complete view of all account activity would be ideal."