@jsonbecker oh yes - agreed - sending credentials is wrong and lazy. The worry is this idea of 100% ‘absolutism’ that is being assumed for internet verification that we don’t even pretend to have in real life. I would also like to see insistence on corporate identity - not oft talked about - but ID should go both ways - it can’t just be dear person please identify yourself to we the mighty corporation - I should be able to ask the caller to prove that they do indeed officially represent the company that they say they are from.

</stands_down_from_soapbox>

</end>