The general idea is to use a machine which has minimal opportunity to be compromised through other activities. There have been known to be exploits that allow a compromised VM guest to compromise the host, and obviously if you compromise the host you can compromise all the other guests.
Using a separate VM is worse than using a separate physical machine and better than doing nothing. Whether it's "good enough" depends on who you are. Who are the plausible attackers? What do you stand to lose if it goes wrong?
Unless you are not using the host OS for anything _other_ than virtualization. If the host OS is used to host VMs, which are then used for specific tasks (casual browsing, banking, development, etc.), any exploit will be limited to the VM. This would be a pretty solid setup. It is only vulnerable to attackers that have direct access to the hardware, or have the ability to exploit the hypervisor.
In other words, if the host OS is used as a hypervisor, or if the host OS _is_ a hypervisor.
I've set up VMs for people with their credentials in the VM and nowhere else, and the host firewalled pretty restrictively such that that VM is pretty useless except for banking. I suspect compliance is high on systems like that.
Most European banks do. Only a few US banks do. The primary reason for this difference is that it's trivial to transfer money from one European bank account to any other bank account. It basically works like email, where you can just enter any destination bank account number. With US bank accounts the process is much harder, as you first need to add and confirm the second bank account (which somewhat reduces the risk of what can happen if someone gets access to your account).
We're almost to a point where the question isn't whether or not they support it, it's finding out that they have a program, clicking through tiny text links at the bottom of pages, and figuring out how yet-another-implementation works.
The major ones that I've used do - Chase and Bank of America, both through sending codes over SMS to log in and perform certain activities once logged in. For BoA, even if you stole my password and browser cookie (to get past the login check), you still wouldn't be able to do anything but pay my bills for me. Anything that might send money to a new destination, like creating a new billpay recipient, changing the info of one, or adding a wire transfer destination, requires an additional 2-factor code.
Both my banks do (European banks, specifically Rabo and ABN/AMRO).
These are still not immune to phishing attacks but it's a lot better than TAN codes or some other 'dumb' authentication scheme.
Typically these systems work in conjunction with a pin-and-chip card, a small piece of hardware that generates the codes, and a challenge/response system built into the website you use for the authorization.
Separate challenges exist for logging in (read access) and transferring money.
We are a Health company http://www.oceaninformatics.com/ whose leaders created the openEHR standard, which is slowly taking over the world as the best way to do Health computing.
We have built the oceanEHR platform based on the openEHR standard, and provide this platform to others to build systems; we also build our own products and systems on this platform.
- You'll probably end up learning it all over some period. We just want strong engineers who can learn anything.
We are a distributed team, with folks in Darwin, Brisbane, Sydney, Melbourne, Adelaide, UK.
That being said, for these development positions we are aiming for folks in Adelaide (will work from an office) or Brisbane (work from home with occasional face 2 face).
- working remotely is hard, please consider if you have the maturity to work unsupervised, and the ability to work in physical solitude without going crazy.
What your working week will look like:
- lots of new software development
- some support of existing products and systems, bug fixing, enhancements
- few meetings
So, if you are a voracious learner, an initiative-taking developer who likes hard stuff and cares about what they build, then we would love to hear from you.