> So I set my E-Gold password to
> "0123456789mypasswordmyotherpasswordanotherpassword" and have the exact same
> level of security with just one password as CompuBank had with five,
> _except_ for the random personal question, and that last is probably easier
> to compromise than the long password itself.
>
> _Any_ multiple password scheme is isomorphic to a single-password scheme
> with a longer password. The challenge question in step 5 is the only new
> feature here.

No, it isn't. Multi-level passwords virtually eliminate the type of scam run
by e-qold, whereby a scammer tries to 'fake' the actual webpage. With the
first password you can see the balance, but the scammer would not be able to
simulate that easily, nor is it likely that he would be able to simulate the
entire range of data, and the inter-play between the user and the website,
with just the first password. And the first password will not allow any
money to be spent.

I am not arguing that it's not possible, but it's not likely, and every
change makes it more difficult for a scammer. Ideally, a system designed to
allow the user to select his security methods would be best of all, because
then the scammers would not be able to trick users into revealing their
security methods.

Here's my current favorite: Have multiple 'passwords' for each account, with
different levels of security assigned to each one by a master password which
would only be used to set the other passwords. It would be understood that
the 'main' password would only be used from a safe computer, and only
rarely. If a user wanted 5 passwords, he could set them up. If a user wanted
10 passwords, he could set them up. If a user wanted to give password #1
only 10 grams of e-gold to spend, then when password #1 used all of its
grams, the password would have to be 'reloaded' using the main password. If
a user wanted to give his password #2 the ability to spend 10 grams per day,
then password #2 would only be able to spend 10 grams per day. The important
thing is that account information and history information could be retrieved
using passwords that do NOT have that much power. Though it is true that if
the main password is stolen, the account is lost -- MOST of the problems
with the current system would be eliminated. Scammers would be defeated.
Trojans could still be used, but they would have to sit patiently, on the
user's computer, until the day arrived when the user actually USED his main
password.

I think 'personalized' passwords would be a tremendous improvement.

Craig
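
The scheme proposed in the message above, sketched as an added example (not part of the original post and not e-gold's code). The `Account` class, its method names, and the PBKDF2 parameters are assumptions made for illustration: a master password provisions sub-passwords that can read the balance but spend only within a fixed budget or a daily cap.

```python
import hashlib, hmac, os
from datetime import date

def _hash(password, salt):
    # Slow salted hash so a stolen credential table is costly to brute-force.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    """Hypothetical model: one master password provisions limited sub-passwords."""
    def __init__(self, master, balance):
        self.balance = balance
        self.salt = os.urandom(16)
        self.master = _hash(master, self.salt)
        self.subs = {}  # password hash -> limits and running totals

    def _is_master(self, pw):
        return hmac.compare_digest(_hash(pw, self.salt), self.master)

    def set_sub(self, master, sub_pw, budget=0.0, per_day=None):
        # Only the master password may create or 'reload' a sub-password.
        if not self._is_master(master):
            raise PermissionError("master password required")
        self.subs[_hash(sub_pw, self.salt)] = {
            "budget": budget, "per_day": per_day, "day": None, "spent_today": 0.0}

    def view_balance(self, pw):
        # Any valid password, however little spending power it has, may read.
        if _hash(pw, self.salt) in self.subs or self._is_master(pw):
            return self.balance
        raise PermissionError("unknown password")

    def spend(self, pw, grams, today=None):
        today = today or date.today()
        sub = self.subs.get(_hash(pw, self.salt))  # master is not a spending key
        if sub is None or grams <= 0 or grams > self.balance:
            return False
        if sub["day"] != today:            # new day: reset the daily counter
            sub["day"], sub["spent_today"] = today, 0.0
        if sub["per_day"] is not None:
            if sub["spent_today"] + grams > sub["per_day"]:
                return False
        elif grams > sub["budget"]:        # fixed budget, exhausted until reloaded
            return False
        else:
            sub["budget"] -= grams
        sub["spent_today"] += grams
        self.balance -= grams
        return True
```

A credential captured by a spoofed page or a keylogger is then worth at most its remaining budget or one day's cap, and refilling it requires the master password, which is never typed during ordinary use.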




