|
|
|
|
|
|
by acklenx
2243 days ago
|
|
|
I can't get my [knowledge-based authentication] data back. I don't want their measly $125 from them (it will cost me far more time and money when this breach is used against me). I want them to pay the cost for the government to replace the SSN as an identifier. And to pay for the government give me a new SSN in the meanwhile... and they don't get to store the new SSN in their database (because they dun messed up). I think that would be a better outcome for everyone. |
|
|
Everyone is identified by their birth date, the name of their mother and their birth place. (Their own name is not that important, for example twins can pull off identity fraud easily, as they can pretend to have the name of their twin, and how would anyone know!?)
Sure, we can go full 1984 and GATTACA and use biomarkers and papers and whatever. But that just makes puts many edge cases out of scope, doesn't solve them at all.
If someone shows up at the bank and claims to be someone, they can produce documents, either via simple forgery or by stealing someone else's "identity".
They can then pass all the checks the bank runs. (Sure, if there is some database that says don't open accounts for these IDs, then the scammer can start with persuading the admins of that DB to unlock the corresponding ID.)
And this will always happen as long as we allow fallbacks for people to get access to (and create) their accounts after losing (or without creating) a strong cryptographic key (password).