> I think this is an interesting idea, but aside from getting users
> to install something and cross-platform issues there's a huge
> problem with doing this... The user's computer itself.
>
> I've come to the reluctant conclusion that users' computers
> are the major part of this problem. Computer-security as most
> people practice it is woefully-inadequate, so the solution has
> to be something that's physically not a part of their (insecure)
> computers, IMO.

Hi,

I already formulated a good solution for this about one year ago. It consists of a formulaic response to a numeric code, which has to serve as a second layer of password protection. Besides the normal passphrase, you would see a 10-digit random number in the login screen. The person who logs in has to give the correct response to this number, according to the formula he has set in his user options before. This can be quite simple and easy to remember, because it only serves as a second protection besides the main passphrase, and is meant to defeat the password loggers (or perhaps somebody looking over my shoulder when I log in).

The big advantage of a formulaic response to the number is that even if you watch me key in the response, you won't know what my formula is, so you won't be able to steal from my account, because next time you try to log in a different 10-digit random number is there on the screen...

For example:

Random number: 3562113902
My response 33718e0462

You can't figure out what my formula has been, can you?

In combination with the standard passphrase this makes for 100% protection, because you can set the account to lock and warn the owner (email) if there are 2 or 3 attempts with the correct passphrase but a wrong formulaic response. This means it is time to change your passphrase.

So, you can steal my passphrase and see me give the number response, and still you won't be able to crack my account. What more protection could you have?

Danny
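
The server side of the scheme described in the message above, sketched as an added example; it is not part of the original post and is not e-gold code. The `Account` class, the `example_formula` function (which is not the formula behind the response quoted in the post) and the threshold of 3 are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Callable, List, Optional

MAX_BAD_RESPONSES = 3  # assumption: the post suggests locking after "2 or 3" attempts


def example_formula(challenge: str) -> str:
    # Hypothetical user formula (assumption): add each digit's 1-based position, mod 10
    return "".join(str((int(d) + i) % 10) for i, d in enumerate(challenge, start=1))


def kdf(passphrase: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)


@dataclass
class Account:
    salt: bytes
    passphrase_hash: bytes
    formula: Callable[[str], str]      # set by the user in the account options
    bad_responses: int = 0
    locked: bool = False
    pending: Optional[str] = None      # challenge currently shown on the login screen
    alerts: List[str] = field(default_factory=list)  # stands in for the e-mail to the owner

    def new_challenge(self) -> str:
        # Fresh 10-digit number for every login screen, drawn from a CSPRNG
        self.pending = "".join(secrets.choice("0123456789") for _ in range(10))
        return self.pending

    def login(self, passphrase: str, response: str) -> bool:
        challenge, self.pending = self.pending, None  # each challenge is single use
        if self.locked or challenge is None:
            return False
        if not hmac.compare_digest(kdf(passphrase, self.salt), self.passphrase_hash):
            return False  # wrong passphrase: ordinary failure, not the alert case
        if hmac.compare_digest(response.encode(), self.formula(challenge).encode()):
            self.bad_responses = 0
            return True
        # Correct passphrase but wrong response: the passphrase has probably leaked
        self.bad_responses += 1
        if self.bad_responses >= MAX_BAD_RESPONSES:
            self.locked = True
            self.alerts.append("account locked: change your passphrase")
        return False
```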
