[Cryptography] "password manager" --> _authorization manager_

[Jerry Leichter]

On Aug 16, 2014, at 1:27 PM, John Denker <jsd at av8n.com> wrote:
> ...I run very little risk that any online merchant will compromise my
> credit-card account, because my bank provides an app that generates
> ephemeral credit-card numbers, one per transaction....
My credit card vendor used to supply such a service.  They dropped it because - according to them - uptake was very low.

There were problems with their implementation which made it harder to use than it should have been, so one might argue that that was the cause of the failure. And yet most implementations of *anything* aren't as good as they might be - waiting for a perfect implementation is equivalent to doing nothing at all.

Ultimately, in the US, I'm not liable for more than $50 if my credit card is stolen - and in practice for nothing.  Since I've had CC numbers compromised more than once in the past, in circumstances that no one has ever explained, I've arranged things so that I can recover quickly when it happens again.  I take reasonable care not to reveal it - but I basically see it as the bank's problem.  If they find that virtual card numbers aren't worth the bother ... that's on them.

                                                        -- Jerry