On Mon, Feb 07, 2005 at 05:03:51PM -0500, Greg London wrote: > > > > Would it be a secure transaction? > > > > What do you mean by this? What is the transaction? The user paying > > the company, or the company shipping to the user, or something else? > > hm, well, defining "secure" in absolute terms is probably too > difficult... > > the current way is for users to create an account with email address > for a username and a password they provide. They then order, pay, > ship, etc, etc. > > The proposed way would be for the user to provide an email with their > order, and get a auto generated one-time password that works as a > tracking number for that order. > > I guess the question would be is the proposed way is no less secure > then the current way, for all the various stages, ordering, paying, > checking status, reporting a problem, all through an online interface. > > I mean, it doesn't make the proces >less< secure, does it?
I would argue that it's slightly MORE secure, since it's less likely to be brute forced. I would say that ideally, you'd offer both options. $0.02 -- Dan Boger [EMAIL PROTECTED] _______________________________________________ Boston-pm mailing list [email protected] http://mail.pm.org/mailman/listinfo/boston-pm
