In a previous item we were discussing two-factor authentication for banks, as recommended by U.S. federal oversight bodies, and Axel pointed out that it’s not enough to authenticate the user once; really every transaction needs to be authenticated, as apparently is already the practice in Europe.

Here’s another per-transaction authentication system, this one for electronic mail, by MessageLevel. Banks and other entities that do business online want to be able to send invoices and other auditable financial information via electronic mail. That’s difficult, partly because of phishing, which makes everyone distrust mail. MessageLevel offers a three-way handshake to deal with this problem. Continue reading →