Hello Kane, It is good that you worry about security - albeit that the approach that e-gold takes is fairly standard and reliable. It's a common approach on Un*x systems.
> say, someone - maybe a kid - click on the link and he sends an email to > [EMAIL PROTECTED], referencing your e-gold account number in the > subject line of your message. > > so, will e-gold automatically change the users e-gold passphrase ?? > > so, the user was denied entry to his own account because of someother > person ??? First, that would never go unnoticed by the account holder. That's the security that you get from the encrypted pwd storage :- as long as the password does not fail you know that nobody's been meddling. In this kind of scheme, passwords are only sent to a previously registered email address of the owner, so that only s/he gets to see the new password. You will also notice that, and not be denied access. Might you miss the email for whatever reason, then you can always send for a new password again. Plain and simple. Of course, things would be more secure if it were somehow based on PGP-encrypted notifications, and/or if a signature would be required before the password could be submitted. Alas, that's not how e-gold operates, and nor do most other online institutions. Perhaps a matter of time? -Rick van Rein. --- You are currently subscribed to e-gold-tech as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED] Use e-gold's Secure Randomized Keyboard (SRK) when accessing your e-gold account(s) via the web and shopping cart interfaces to help thwart keystroke loggers and common viruses.