George, Patrick,

FileMatrix wrote:
> I just created a Pecunix account. The system is great...

Indeed!


> No way for a beginner to
> complete the registration and log-in process.

Evidence suggests otherwise, George :)


> Here are my suggestions:
> When an account is created, display all three PIKs as text to allow users to
> copy and paste them into their (encrypted) files, without having to type
> such complex strings in order to save them.

As Patrick pointed out, the idea is to print them... there is no need to encrypt them. Remember, the PIK is the equivalent of the e-gold account number (which is openly publicised). It is not the end of the world if someone sees your PIK, you still have the secret password. Pecunix is already much more secure than e-gold because the PIK is not publicised, so you have 2 unknowns instead of only one. The initial idea of displaying the PIK as an image was to prevent simple "screen scraper" type trojans/bots from stealing the PIK. Arik pointed out the slight security risk of the PIK image being cached by the browser for long periods. This is also being addressed by modifying the PIK image to be 16 separate images each randomly named. They will be cached, but an intruder will not be able to construct the correct order of characters if he accesses the cache.


BTW, an excellent encryption tool for storing passwords is <https://sourceforge.net/projects/passwordsafe/>

> Write how the user has to log-in, in the log-in form (don't make the user go
> to the help page).

Yes, this change is in development at the moment.


> Implement this method at least for the read-only and limited access levels.

Here is another change on the cards... Pecunix will be modified to have only one PIK per account, but 3 different secret passwords... The current system is not quite right, e.g. if I wish to give my bookkeeper access to the read-only level, I must currently hand over the read-only PIK and my secret password. If she subsequently comes across the full or limited access PIK, my security is compromised. By having only one PIK (which is not necessarily secret but should be carefully distributed) and 3 secret passwords, I can maintain my security.


> 2. At the end of the registration process, display all user information in an
> edit-box and put a button to copy the text to the clipboard, so that the
> user could save it into a file:

An excellent idea... on the to-do list.


> 3. In the merchant tools section it is very difficult to copy the HTML code
> (since the cursor doesn't work in the edit-box). I think a button to copy
> the code to the clipboard is required.

Good idea again... we will be integrating some kind of link to Gold-Cart there soon as well.


> 4. Have you thought about the "rebilling / payment request" idea discussed a few
> weeks ago? (I know it is extremely complex.)

George, I am of the opinion that this should not really be a feature of a DGC per se... rather it should be implemented by a third party processor. Perhaps Open2exchange will work on something like this sometime.


Patrick wrote:
> So I asked my wife what she thought about that whole PIK / combo
> box process.  She understood it immediately, and instructed me to
> tell the list that if she can do it, anyone can.

Wonderful, that is our experience too.

> But certainly creating a new account is a horse of a different
> color, I'll admit.

The thing that seems to most confuse people is the e-mail verification process... we are looking at ways to modify the process so it is simple, and happens after the account has been created.

Thanks to both of you for your comments.

Regards,

Sidd.
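The split-PIK-image scheme Sidd describes above (16 tiles, each with a random file name, so a browser cache holds the characters but not their order), worked through as an added illustration. This is not Pecunix's code: the PIK alphabet, tile naming and the no-store header on the page that carries the ordering are assumptions for the demo.

```python
import random
import secrets
from typing import Dict, List, Optional, Tuple

# Constructed alphabet for the demo; the real Pecunix character set is not given.
PIK_ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def _rng(seed: Optional[int]) -> random.Random:
    """Seeded generator for reproducible demos, OS randomness otherwise."""
    return random.Random(seed) if seed is not None else secrets.SystemRandom()


def generate_pik(length: int = 16, seed: Optional[int] = None) -> str:
    """Draw a PIK of `length` characters from PIK_ALPHABET."""
    rng = _rng(seed)
    return "".join(rng.choice(PIK_ALPHABET) for _ in range(length))


def split_pik_into_tiles(pik: str, seed: Optional[int] = None) -> Tuple[List[str], Dict[str, str]]:
    """Give every PIK character its own image tile with a random file name.

    Returns (page_order, tiles): page_order is the sequence of tile names the
    HTML must emit; tiles maps each name to the character it renders. Only the
    server knows page_order; a tile name carries no positional information.
    """
    rng = _rng(seed)
    page_order: List[str] = []
    while len(page_order) < len(pik):          # 64-bit names, dedupe just in case
        name = f"{rng.getrandbits(64):016x}.png"
        if name not in page_order:
            page_order.append(name)
    return page_order, dict(zip(page_order, pik))


def reassemble_from_page_order(page_order: List[str], tiles: Dict[str, str]) -> str:
    """The legitimate view: tiles laid out in the order the page specified."""
    return "".join(tiles[name] for name in page_order)


def reassemble_from_cache_listing(tiles: Dict[str, str]) -> str:
    """What a cache reader gets without the page: the tiles in file-name order,
    i.e. a random permutation of the PIK's characters, not the PIK itself."""
    return "".join(tiles[name] for name in sorted(tiles))


def pik_page_headers() -> Dict[str, str]:
    """Assumed headers for the HTML that carries the ordering: if that page were
    cached too, the order would sit in the cache next to the tiles."""
    return {"Cache-Control": "no-store", "Pragma": "no-cache"}
```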


--- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
