Greg London: > > > > Would it be any less secure than having the user > > > > set up an account and their own password?
> John Saylor wrote: > > yes, more prone to spoofing since it's only one piece of info [trakcing > > number] instead of 2 [username/pw]. ( 05.02.07 17:08 -0500 ) Greg London: > Is this if the tracking number / one-time password is > tied to the email address that made the order? > Or does this describe a tracking number with no associated > email address? well, if there is an algorithm to generate the tracking id, it can be spoofed. so maybe the email is used there, and maybe not [maybe the date, maybe a counter, w/e]. i'm also not taking into account the fact that many passwords are easily guessed here. i'm just talking about the information needed to authenticate in some way. someone else wrote in about how many passwords are very easy to guess. a password is probably going to be easier to guess than a tracking id [user error], but it may be pretty easy to generate a tracking id or two. -- \js oblique strategy: short circuit (example; a man eating peas with the idea that they will improve his virility shovels them _______________________________________________ Boston-pm mailing list [email protected] http://mail.pm.org/mailman/listinfo/boston-pm
