[e-gold-list] Re: Shockingly-positive media coverage of e-gold security-measure

Paul Davis paul at davis-company.com
Thu Aug 31 16:00:37 MDT 2006


A technique that my Visa card uses is to make the login a
two-step procedure.  The first login page asks for my username,
then this takes me to a second page that displays an icon I chose
when they set this system up.  I'm then instructed to enter my
password if the icon is correct.

I have two observations about this:

1. It's actually unnecessary in my case since I use Roboform to
enter my passwords.  Roboform won't enter the password if the URL
isn't correct.

2. Careless users, whom this system is ostensibly designed to
protect, can't be counted on to note the absence of the two-step
procedure.  If a phishing site asks them for both username and
password, they might just go ahead and give it out, having
forgotten that the genuine site didn't work that way.

So, on balance, while I grant the effectiveness of the system
within its boundaries, I'm reluctant to grant that it achieves
anything useful since the security issues themselves have now
probably migrated outside the boundaries.  Well, it accomplishes
one thing, I guess: It allows Visa to pat itself on the back for
having done something to "protect" its customers.
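
The URL check mentioned in observation 1, sketched as an added example that is not part of the original message and is not RoboForm's code. It assumes the password manager fills only on an exact origin match (scheme, host and port). The vault entry, the function name `autofillDecision` and all URLs are constructed for illustration.

```javascript
// Constructed sample vault: one credential bound to the origin it was saved on.
const vault = [
  { origin: "https://cards.example.com", username: "pdavis", password: "constructed-secret" },
];

// Decide whether a saved credential may be filled into the page at pageUrl.
// The decision depends only on the page's origin, never on how the page looks
// or whether it shows one login step or two.
function autofillDecision(pageUrl, entries) {
  let page;
  try {
    page = new URL(pageUrl); // WHATWG parser: lowercases host, punycodes IDNs
  } catch {
    return { fill: false, reason: "unparseable URL" };
  }
  if (page.protocol !== "https:") {
    return { fill: false, reason: "not HTTPS" };
  }
  // URL.origin excludes userinfo, path and query, and drops the default port,
  // so "user@host" tricks and lookalike subdomains do not match.
  const match = entries.find((e) => new URL(e.origin).origin === page.origin);
  if (!match) {
    return { fill: false, reason: "no credential saved for " + page.origin };
  }
  return { fill: true, reason: "exact origin match", username: match.username };
}

// Constructed test pages: the genuine site and several phishing-style lookalikes.
const samplePages = [
  "https://cards.example.com/login?step=2",         // genuine second step
  "https://CARDS.example.com:443/login",            // same origin after normalisation
  "https://cards.example.com.login.example.net/",   // genuine name used as a subdomain
  "https://cards.example.com@login.example.net/",   // genuine name used as userinfo
  "http://cards.example.com/login",                 // downgraded to plain HTTP
  "https://cards.ex\u0430mple.com/login",           // Cyrillic "a" homoglyph
];

function checkAll(pages, entries) {
  return pages.map((p) => ({ page: p, ...autofillDecision(p, entries) }));
}

for (const r of checkAll(samplePages, vault)) {
  console.log((r.fill ? "FILL  " : "REFUSE") + " " + r.page + " (" + r.reason + ")");
}
```

The refusal is the signal to the user: a lookalike page gets no autofill whether it imitates the two-step flow or asks for username and password together.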


