In my case, if it is really a place that I need security (bank), it is a phone call. My online bank will only allow 3 mistake logins within a short time and then it requires a phone call to get the access opened.
If I get a password by email, I change it on the first new login.
The odds of a single email sniffed is pretty low in my opinion. And if you are on the ball, you request the password when you will receive it and hopefully act before the sniffer can even go through the data.
Some banks in europe will hand you a sheet of one-time passwords to be used in order in the event that other mechanisms fail or are inappropriate.
This is an interesting thought. When one bank that we used changed from UNIX to Windows servers, the passwords became case insensitive and would not accept some characters. We raised this with the bank and they didn't seem to concerned.
-- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@xxxxxxxxxxxxxxxxxxxx GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
