Dear George,

FileMatrix wrote:
But the way Pecunix displays the PIKs makes it difficult if not
impossible to copy and paste them.  So maybe Pecunix could also display
each PIK in pure text in a form somewhat like George suggests:

1-a 2-4 3-T 4-u 5-X 6-b 7-Q 8-N 9-e 10-j 11-Y 12-u 13-A 14-m 15-9 16-h

Absolutely!

This is a possibility, but of course that would be easy for a screen scraper to steal... I will look into this more.


It is also possible to increase the number of elements in the PIK to all 26
letters from English. This would give a total combinations number of 10^26.

Yes, but there is a very good reason for leaving out the Zero, One, Oscar, Lima, India characters... they can be easily confused, depending on the font the user chooses, and this creates a larger customer service workload, sorting out "can't log in" queries.


The user would be
instructed to keep private the user name and all three passwords. The user
would also be instructed to keep them in an encrypted file, and to copy and
paste them in the log-in form. The method is both easy and secure. Of
course, as you say, it seems most people prefer to print them and that
would make it impossible for this method to work since it would require
users to type long random strings.

George, your suggestion assumes that everyone only ever logs in from their own computer where they have access to these encrypted files. Sure you could carry them on a portable disc, but when using your account from an insecure computer (such as an internet café) it is far more secure to have the PIK printed and carried in your wallet. The Pecunix system is still by far the most secure default login, but your suggestions degrade the security substantially.



I was referring to beginners in computers. When I saw the log-in form I was
puzzled for a few (tens of) seconds (and I'm no beginner).

Perhaps your puzzlement was caused by the very fact that you are not a beginner George. You had a preconceived idea about what to expect and it was different. Remember beginners find everything about the computer puzzling, even e-mail, but they work it out. As one becomes more familiar with computers, one develops certain expectations, and perhaps is irritated or frustrated if something one is not familiar with is presented. This seems to be especially so if you consider yourself to be "tech-savvy". I know I sometimes suffer from this. As I pointed out before, it is invariably the "tech-savvy" or experienced user who complains about the Pecunix login system, not the beginner, who usually asks if he is not sure. Beginners are used to "not knowing" what to do with their computers and are generally more willing to click the "help" button.


The
existing password is too short, maximum 5 characters (plus the 4 from the
system) are not enough.

It is generally accepted that 8-character passwords are sufficient security, and for a user on the move, not always using the same computer, more than 8 are getting too difficult to remember.


Oh, and maybe you can find a good anti-key-logger program and put a link to
it in the download page. Even if the PIKs are safe (for being images), the
passwords are not.

We can think about that. Remember, even if the keylogger stole your password, it still doesn't have the full picture and your account is safe.


I was thinking of something else: isn't there any way to
check using the browser (basically, your log-in page should do this) if
there is any program (the key-logger) hooked to the keyboard handler, or a
text screen harvester? If it is possible, the log-in form could tell users
there is a security breach.

If it were possible it would require running a program (such as ActiveX) from the browser... a definitely BAD idea.


Regards,

Sidd.


--- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
