On Tue, 8 Nov 2005 19:45:53 +0200, Adrian Rossouw <adrian@bryght.com> wrote :

...

True, but not everybody can use ssl/tls. What about some kind of authentication checking where the site would keep track of where you have logged in from and upon detection of a change would prompt you with a question that only you would know or send you an email that you would have to respond to before you could gain access? Like certain ISP's that change the ip of the user with ever request ?

'where you have logged in from' is mostly impossible to determine.

They may change their IP, but that IP can be tied to who owns that block. Pat