May 19, 2006

Mailpass

Bank of America has a smart idea they call “site key” as a defense against phishing. Logging into their site is a two-step process: you enter your username, which takes you to another page to enter your password. On this second page there is a picture that you have previously chosen from among many pictures, accompanied by a descriptive word that you typed in yourself when you chose that picture. Barring a security breach, it would be essentially impossible for a scam artist to reproduce this.

Something like this could be applied to e-mail, to help identify it as legitimately from the bank (or PayPal, or eBay, or any other institution susceptible to phishing attacks). When the user sets up an account, they type in a unique, memorable phrase that is completely unrelated to their password. This phrase will then appear in all e-mail from that institution to help identify it as legitimate. I’m calling this key phrase a “mailpass.”

I can imagine a technical objection to this, and a related psychological objection. The technical objection is that with rare exception, mail is not encrypted. So the mailpass will be sent as plain text over unsecured channels, making it vulnerable to interception.

Which leads to the psychological objection. Because a phisher could intercept and use your mailpass, the mailpass would need to be viewed as a necessary proof of authenticity, but not a sufficient proof. This point could easily be lost on a lot of people, and there would need to be plenty of attendant scare-language to the effect that you cannot count on a correct mailpass to be rock-solid proof of authenticity, should always exercise due care against scammers, etc.

But mailpass would definitely make e-mail filtering a lot easier. If I were to get e-mail from PayPal that lacked the mailpass, I could confidently route it to the trash without even looking at it. And I can’t think of any other reasons this would be a bad idea, though I’m sure someone out there could.
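The filtering rule described above, sketched as an added example that is not part of the original post: mail claiming to come from an enrolled institution is trashed when the mailpass is missing, and a present mailpass is treated as necessary but not sufficient. The domain `bank.example`, the phrase, the verdict names and the sample messages are all constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed enrolment data: sender domain -> phrase the user chose there.
MAILPASSES = {"bank.example": "purple heron at noon"}

def _norm(text):
    # Collapse whitespace and case so line wrapping cannot hide the phrase.
    return " ".join(text.split()).casefold()

def _enrolled_phrase(from_header, mailpasses):
    # Match the claimed sender domain, or any subdomain of it.
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower()
    for enrolled, phrase in mailpasses.items():
        if domain == enrolled or domain.endswith("." + enrolled):
            return phrase
    return None

def triage(raw, mailpasses=MAILPASSES):
    """Return 'trash', 'handle-with-care' or 'not-enrolled'."""
    msg = message_from_string(raw, policy=policy.default)
    phrase = _enrolled_phrase(msg.get("From", ""), mailpasses)
    if phrase is None:
        # Lookalike domains land here: the mailpass says nothing about them.
        return "not-enrolled"
    text = "".join(part.get_content() for part in msg.walk()
                   if part.get_content_maintype() == "text")
    if _norm(phrase) not in _norm(text):
        return "trash"              # claims the institution, lacks the mailpass
    # Mail travels in plain text, so the phrase may have been intercepted:
    # its presence is necessary, not sufficient.
    return "handle-with-care"

# Constructed sample messages.
GENUINE = ("From: Bank <alerts@mail.bank.example>\nSubject: Statement\n\n"
           "Your mailpass: Purple heron\nat noon\n\nYour statement is ready.\n")
PHISH = ("From: Bank <alerts@bank.example>\nSubject: Verify\n\n"
         "Please confirm your account.\n")
OTHER = "From: friend@elsewhere.example\nSubject: hi\n\nLunch tomorrow?\n"

if __name__ == "__main__":
    for name, raw in (("genuine", GENUINE), ("phish", PHISH), ("other", OTHER)):
        print(name, "->", triage(raw))
```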

Que onda guerrero

Problem: Bush wants permanent war, keeping citizens scared and Halliburton happy.

Problem: Military recruitment is down, because people don’t like being blown up, and relatively few Americans are so desperate for a job that they’ll risk it.

Problem: Bush wants to create a “guest worker” program, and find a way to permit illegal immigrants to stay in the country without seeming soft on them, perhaps by imposing a fine.

Solution: Create a “guest soldier” program. Our friends from south of the border who want a chance to live in the USA can take their chances getting a green card, or can volunteer immediately for the U.S. military. Illegal immigrants who are rounded up will be given the option of immediate deportation or enlistment. Those who survive a two-year hitch can go back to picking vegetables and ensuring Americans have low food prices (so that we can stay fat and sit on the couch, pretending to blow shit up on our PlayStations) without being hassled by the INS.

Yes, I’m joking, but I’m a little surprised some wingnut hasn’t advocated this in earnest yet.