Hi Loren, That's the security concern that prompted the confirmation step. When you confirm your account for the first time, it associates an IP address with your profile and stores a cookie on your browser. An imposter would need to have access to one of those two credentials to sign in as you (as Alok demonstrated).
The two-field requirement was originally so bots couldn't just throw addresses against the login... they'd need to at least match up the right name with the right address. That's probably not that hard, and with the new measures it's no longer necessary, except as security theater (two fields are more secure than one). But if you were going to go to the trouble of impersonating someone it'd be easier just to use e-mail itself. Programs like Apple Mail put no restrictions on what you declare as a name or address for your outgoing e-mail. // jeff . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Posted from the new ixda.org http://gamma.ixda.org/discuss?post=21648 ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [EMAIL PROTECTED] Unsubscribe ................ http://gamma.ixda.org/unsubscribe List Guidelines ............ http://gamma.ixda.org/guidelines List Help .................. http://gamma.ixda.org/help
