[Cryptography] PRISM-Proofing and PRISM-Hardening

Bill Frantz frantz at pwpconsult.com
Thu Sep 19 13:24:15 EDT 2013

On 9/19/13 at 5:26 AM, rsalz at akamai.com (Salz, Rich) wrote:

>>I know I would be a lot more comfortable with a way to check the mail against a piece of paper I
>received directly from my bank.
>I would say this puts you in the sub 1% of the populace.  Most 
>people want to do things online because it is much easier and 
>"gets rid of paper."  Those are the systems we need to secure.  
>Perhaps another way to look at it:  how can we make out-of-band 
>verification simpler?

Do you have any evidence to support this contention? Remember 
we're talking about money, not just social networks.

I can support mine. ;-)

If organizations like Consumers Union say that you should take 
that number from the bank paperwork you got when you signed up 
for an account, or signed up for online banking, or got with 
your monthly statement, or got as a special security mailing and 
enter it into your email client, I suspect a reasonable 
percentage of people would do it. It is, after all a one time operation.

Cheers - Bill

Bill Frantz        | If the site is supported by  | Periwinkle
(408)356-8506      | ads, you are the product.    | 16345 
Englewood Ave
www.pwpconsult.com |                              | Los Gatos, 
CA 95032

More information about the cryptography mailing list