That's all well and good, but how do we know the secret was randomly and fairly generated?
In theory, it should be possible to generate a provably random number. I don't know whether PIW's customers care enough for it to be worthwhile to implement. The protocol would go like this:
PIW generates a secret.
Secret: 0cd645b8cc7325838b2fa809f308e28ef9463494
PIW sends hash of secret to user.
Hashed-Secret: d18b235bd2c80890a8aee4c564cfbce251633bb3
User records hashed secret.
User generates a nonce.
Nonce: ce61948f0d95be1746017cc327b8d28316055c8f
Secret and Nonce are concatenated and hashed to form the final random result.
Concatenation: 0cd645b8cc7325838b2fa809f308e28ef9463494ce61948f0d95be1746017cc327b8d28316055c8
f
Random: 4f20d70d465fd0743a808048b7a7780e76627d58