|
|
|
|
|
|
by jdmichal
1834 days ago
|
|
|
> Your identity can create new credit cards. It can take out loans. It is inherently a higher order security risk, and therefore should by default have more restrictions. It's a security risk because of the first couple things you listed. The problem is that identity cannot be simultaneously a secret and a public identifier. As the name should suggest, identity serves a much better use as a public identifier. So we should stop treating it like a secret and start creating real infrastructure for actual secrets. By the way, this is completely analogous to credit cards. There's a reason the industry has moved to chip cards physically and tokenized cards virtually. And that's because the card number was serving as both identity and secret, and that doesn't work. The deviation is that, in this case, we've decided to make the credit card numbers a secret which is cryptographically protected (chips) or at the very least stored in an opaque manner (tokens). |
|
|