> However, this still leaves an account open for automated password
> cracking. Therefore, the system has to lock (for 24 hours) an account for
> which there are too many consecutive failed log-ins (for example, 10).
> This means that each PIK must be unique, so that the system can at any time
> determine to what account each PIK belongs.


George,


The accounts can only be identified by the 'password', since I have to
enter only 4 characters from the PIK, and there must be other accounts with
the same characters in the same places here and there.
We have to assume that their system checks to make it impossible that two
accounts can have the same 'password', because otherwise that would be a
serious security problem.

In fact it would be more correct to say that the password is actually the
login ID, and the PIK codes are the passwords, but does it really make a
difference?


The easiest way to make online currencies much more safe is by requiring
email confirmation of spends.
That can be as simple as just hitting 'Reply' to the notification email they
send.
A code in the reply email address will tell the server that the transaction
is approved.
With such a system in place the thief not only needs to have your passwords, he
needs to control your email as well.



Danny
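One way to implement the reply-to-approve scheme Danny describes, as an added Python example (not code from the list or from e-gold; the domain, token length and 30-minute expiry are assumptions):

```python
import hmac
import re
import secrets
import time

TOKEN_TTL_SECONDS = 30 * 60   # assumption: an unanswered notification expires after 30 minutes
DOMAIN = "example.invalid"    # placeholder domain for the constructed reply addresses


class SpendConfirmation:
    """Holds spends awaiting e-mail approval; each gets a single-use random token."""

    def __init__(self, now=time.time):
        self._now = now          # injectable clock so expiry can be tested
        self._pending = {}       # token -> spend record

    def create_spend(self, account, amount, payee):
        # 24 random bytes (~192 bits): infeasible to guess, unlike a 4-character PIK
        token = secrets.token_urlsafe(24)
        self._pending[token] = {
            "account": account, "amount": amount, "payee": payee,
            "expires": self._now() + TOKEN_TTL_SECONDS,
        }
        # The token rides in the local part of the reply address, so the customer
        # approves just by hitting Reply; the server reads it from the envelope recipient.
        return f"approve+{token}@{DOMAIN}"

    def handle_reply(self, rcpt_to):
        """Approve the spend named by the reply address; returns the record or None."""
        # Only the envelope recipient is trusted: a From: header is trivially forged.
        m = re.fullmatch(r"approve\+([A-Za-z0-9_-]+)@(.+)", rcpt_to.strip())
        if m is None or m.group(2).lower() != DOMAIN:
            return None
        supplied = m.group(1)
        # Compare in constant time against every outstanding token rather than
        # indexing the dict directly, so lookup timing leaks nothing about tokens.
        match = next((t for t in self._pending if hmac.compare_digest(t, supplied)), None)
        if match is None:
            return None
        record = self._pending.pop(match)   # single use: a replayed approval fails
        if self._now() > record["expires"]:
            return None                     # stale approvals are discarded, not honoured
        return record
```

A thief who holds only the login ID and PIK cannot produce the reply, because the token never leaves the mailbox unless the account owner replies.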