Dear Sidd,

One of the things I'm not clear about is how one goes
about logging into a Pecunix account with less than full
access.

I believe Patrick made the point
But the way Pecunix displays the PIKs makes it difficult if not
impossible to copy and paste them.

It seems to me that the advantage of the drop-down lists in both 1MDC and Pecunix is precisely that there is no way to type or paste any part of the keystream (PIN in the case of 1MDC, PIK in the case of Pecunix). Since we know that keystroke loggers and clipboard loggers are out there, it seems uncommonly foolish to move back to a typing or pasting approach. Virus or trojan attacks on the security of client workstations are too great a risk for my taste, especially when so many work-place logging tools are exempted from the major anti-virus and firewall systems - which opens them up to attackers exploiting the same openings.

This is a possibility, but of course that would be easy for
a screen scraper to steal... I will look into this more.

Sidd, it seems to me that you should keep the high level of security for full access. Perhaps lower-level access could be obtained using PGP only?

Or maybe those who want to risk the keystroke loggers and
clipboard loggers can set their accounts to a more open
approach.  I don't know.

In some ways it reminds me of those signs that gun owners
have been offering to their neighbors, "This home has no
firearms." Sort of an invitation to thieves and rapists,
a kind of "evolution in action" approach to crime.

In response to George's rather odd suggestion, you wrote:
there is a very good reason for leaving out the Zero, One,
Oscar, Lima, India, characters... they can be easily confused,
depending on the font the user chooses,

And it is nearly impossible to prevent users from over-riding the fonts in their web browser. So, there will be confusion of zero with capital O, one with lowercase l and some capital I, etc.

your suggestions degrade the security substantially.

Possibly, for users electing to have lower security or for lower-level access, some of these degraded log-in systems might be appropriate.

to click the "help" button.

There's a help button? <grin>


more than 8 are getting too difficult to remember.

I think that depends entirely on how much effort one makes in generating mnemonic series of letters and numbers. Several of my unpublished PGP keys use 25 character passwords, which I have no trouble remembering. Then again, I used to remember thousands of words for theater productions.

Remember, even if the keylogger stole your password, it
still doesn't have the full picture and your account is safe.

Indeed, it seems very difficult to anticipate having enough data from a series of Pecunix log-ins to be confident of even having enough of the PIK to be able to log in half the time.

If it were possible it would require running a program (such
as activex) from the browser... a definitely BAD idea.

Isn't ActiveX one of those dramatically bad ideas of the Microsofties? I thought it was pretty much limited to Internet Exploder?

Regards,

Jim

