On 0, Risker risker.wp@gmail.com scribbled:
Ah, thank you. So at any time someone, say a checkuser, could have asked her to provide confirmation...
R.
Just confirmation that the same person who provided the hash was the same person providing the secret. The secret doesn't actually have to be contact information or anything fancy - we just recommend that because it provides a third way of verification and contact information tends to be lengthy (and as we all know, longer passwords/secrets == better).
-- gwern JOTS ISACA NCSA ASVC spook words RRF 1071 Bugs Bunny Verisign Secure ASIO Lebed