[thelist] High Security Password

[Fred Jones]

Ken Schaefer wrote:
> This appears to be an implementation of a "one time pad".

Precisely.

> So the question is - how are you authenticated at the other end? Does the server have to hold the same one time pad?

I see no other way, save some mapping algorithm.

> I also use ING, but I suspect I'm in a different country to you. They have a bit of half-assed approach to this (you click on a graphical keypad, but it's not a OTP)

My ING account is US-based. :)

Fred