reply to jlivingood
Re: Hmmm
Generate a unique "authenticity code" for each customer. Print it in every bill. ("Your authenticity code is 987654321. All online messages from Comcast will use your code. Emails and popups that claim to be from Comcast but don't have your unique authenticity code number are forgeries.")
Then the message could say "To confirm this message is really from Comcast, it uses this authenticity code which is printed in your monthly bill: 987654321"
This technique also works to prove that emails or other online communications are really from the company they say they're from, any time there's a known-legit printed bill the customer can refer to.
The unique code could be a random number generated for each customer, or to save space, algorithmically generated. (For instance, combine the customer's account number with some secret key text Comcast makes up, then run a message digest function on the result. As long as Comcast keeps the secret key safe, no hacker can know a customer's unique authenticity code without intercepting a prior communication.)
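The derivation described in the post above, as an added example that is not part of the original thread and not Comcast's code. It uses HMAC-SHA256 in place of a bare digest over key plus account number; the key, the account number and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample key; a real deployment would load it from a secrets store.
SECRET_KEY = b"constructed-demo-key-not-a-real-secret"
CODE_DIGITS = 9  # same length as the 987654321 example in the post


def authenticity_code(account_number: str, key: bytes = SECRET_KEY) -> str:
    """Derive a fixed per-customer code from the account number and a secret key."""
    # Normalise so "8155-10-..." and "815510..." give the same code.
    normalized = account_number.strip().replace("-", "").replace(" ", "")
    mac = hmac.new(key, normalized.encode("ascii"), hashlib.sha256).digest()
    # Take 64 bits of the MAC and reduce them to CODE_DIGITS decimal digits.
    value = int.from_bytes(mac[:8], "big") % (10 ** CODE_DIGITS)
    return f"{value:0{CODE_DIGITS}d}"


def notice_footer(account_number: str, key: bytes = SECRET_KEY) -> str:
    """Line appended to an outgoing notice, worded as in the post."""
    return ("To confirm this message is really from Comcast, it uses this "
            "authenticity code which is printed in your monthly bill: "
            + authenticity_code(account_number, key))


def code_matches(account_number: str, presented: str, key: bytes = SECRET_KEY) -> bool:
    """Provider-side check (for example by phone support), in constant time."""
    return hmac.compare_digest(authenticity_code(account_number, key), presented)


def customer_check(notice_text: str, bill_code: str) -> bool:
    """What the customer does: look for the bill's code in the message.
    The code never changes, so any text that repeats it passes."""
    return bill_code in notice_text


if __name__ == "__main__":
    acct = "8155-10-001-2345678"  # constructed account number
    print(authenticity_code(acct))
    print(notice_footer(acct))
```

The customer-side check accepts any message that repeats the code, which is the "intercepting a prior communication" limit the post itself names: the code is a static shared secret, not a per-message signature.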
jlivingood Premium,VIP join:2007-10-28 Philadelphia, PA kudos:1
said by sgdoerfler:
Generate a unique "authenticity code" for each customer. Print it in every bill. ("Your authenticity code is 987654321. All online messages from Comcast will use your code. Emails and popups that claim to be from Comcast but don't have your unique authenticity code number are forgeries.")
Then the message could say "To confirm this message is really from Comcast, it uses this authenticity code which is printed in your monthly bill: 987654321"
This technique also works to prove that emails or other online communications are really from the company they say they're from, any time there's a known-legit printed bill the customer can refer to.
The unique code could be a random number generated for each customer, or to save space, algorithmically generated. (For instance, combine the customer's account number with some secret key text Comcast makes up, then run a message digest function on the result. As long as Comcast keeps the secret key safe, no hacker can know a customer's unique authenticity code without intercepting a prior communication.)
Another good idea. A take on this might be to somehow incorporate the billing / acct ID # from your bill.
-- JL Comcast
Jafo232 You Can't Spell Democrat Without Rat. Premium join:2002-10-17 Boonville, NY
I think it is a step in the right direction. Honestly though, I know myself and I would ignore that popup as an ad. Perhaps being able to call and confirm instead of clicking a link. Show the phone # and confirmation code in that ad.
I like the idea of walling off users if and ONLY if there is a very low chance of false positives and only if a person can get the restriction lifted quickly.
I have been saying for a long time that ISPs could not only save themselves bandwidth by proactively stopping botnets, they could also help the Net in general.
-- Custom PHP/Perl Development. Vbulletin And Wordpress Mods Too!
Nerdtalker Working Hard, Or Hardly Working? Premium,MVM join:2003-02-18 Tucson, AZ
reply to sgdoerfler
At that rate, why not give out those one-time-pad emulating security dongles that ETRADE, WOW, and now PayPal are giving out (RSA based)?
I just have a hard time seeing users responding to anything other than a straight up block+walled garden.
-- "Some people never see the light till it shines thru bullet holes." -Bruce Cockburn
I'm testing Gmail's spam filters: Broadbandreports1@gmail.com Spam: 12900+ messages currently using 406 MB.
reply to jlivingood
How about making account numbers something a customer can elect on their own as to what the account identifier is?
I've had Comcast at 3 locations I've lived and I don't think even for a second I ever remembered the account # without having to pull it up off an old bill - and I don't like to keep around old bills. No, social security number is not a good alternative.