FileMatrix wrote:
Someone could still your wallet, or take a photo of your PIKs, or simply copy the PIKs... and you would never know.
George, by far the greatest problem is the theft of passwords by virus/trojan type keyloggers... In all my years in this community, I have never heard of even one case of passwords being stolen because they were written down and stored safely.
Remember again, the PIK is the equivalent of the e-gold/goldMoney account number. In those systems you actually PUBLICISE the account number. You are harping on the VERY SLIGHT risk that someone MAY get your PIK. It doesn't matter George! It is just one half of the puzzle, the Password is the SECRET part of the key... The PIK is there to defeat the trojans, the password secures your account, just as it does in e-gold and the others.
So, sorry to say, the security of Pecunix log-in is not better than others.
This is an entirely incorrect observation... you have missed so many factors in the equation of security and usability.
If the password could be longer (the maximum set to at least 20 characters),
things would be entirely different.
Ok, that's no problem to change...
And even better if Sidd would put three passwords (and one PIK), as he said.
Actually, we would need to have 3 PIKs and 3 passwords... the password is vulnerable to keylogger attacks, and insider attacks with keyloggers are VERY much easier than even the e-mail/virus/trojan attack because insiders may have access to the machine. If I gave my (one) PIK to my crooked bookkeeper and the read-only password... he would merely need to log my keystrokes once to steal my full password and get access to the account.
But anyway, Sidd, also think at the "Bedazzled" log-in, with password images (those images can be copied only by someone with access to the computer, unlike a printed PIK).
Its too complicated and too limiting George... imagine, if people judge the current Pecunix system as complicated, how much more so is "bedazzled"? I am a traveller, and I need to be able to access my Pecunix account from various computers in various locations... I don't need the problem of having to carry my login images around on a disc (which could be stolen, and I don't even know the meaning of encryption, so I am entirely vulnerable).
There are many people using DGC's, each of whom has an ideal for the way he would like the system to work, and is blind to the needs of others... we need a system that is secure and satisfies the majority of users. I think we have a good start on that as Pecunix is now. Change is a good thing, but too much change is very bad...
Regards,
Sidd.
--- You are currently subscribed to e-gold-list as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED]
Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.
