Salz, Rich writes: > I would say this puts you in the sub 1% of the populace. Most > people want to do things online because it is much easier and "gets > rid of paper." Those are the systems we need to secure. Perhaps > another way to look at it: how can we make out-of-band verification > simpler?
There's probably a whole O'Reilly book waiting to be written on identity verification, but let me say it in one phrase: "closing the loop". That means giving information electronically, and expecting to get it back via a different path. So, as an example, the institution prints are magic number (also in barcode or QRcode form so you can scan it) on a piece of paper, and mails it to your address of record. Or they call your phone number of record and ask you to enter a magic number. Or they ask for a time-proof-of-work. Let's say that you've been posting to an online forum for some time (e.g. this mailing list). They ask you to post a magic number to the mailing list in your signature block. Somebody like Lucky Green could use this. Or The Well members, presuming that The Well still exists in some form. Same idea for Facebook, Google+, a blog, your personal website (e.g. russnelson.com), your corporate website (e.g. http://crynwr.com/~nelson/), etc. Anything where only you can enter information just as you have been doing for years. -- --my blog is at http://blog.russnelson.com Crynwr supports open source software 521 Pleasant Valley Rd. | +1 315-600-8815 Potsdam, NY 13676-3213 | Sheepdog _______________________________________________ The cryptography mailing list [email protected] http://www.metzdowd.com/mailman/listinfo/cryptography
