by herewulf 1234 days ago
The solution is a government issued key pair. Probably on a Yubikey type of device. Replacing a lost one of those is then the same process as replacing a lost driver's license / passport / other government issued identification.

By 2023 it's high time for these forms of identification to catch up with the digital age. It's high time to end the joke of verifying identity by birthday, SSN, "in-security questions", and other easily leaked information. And obviously 2FA by SMS is not good either.

4 comments

I can't say the idea of a verifiable government ID being demanded by every social media or other sign up sounds that thrilling to me. It'll just be Facebook demanding a scan of your driver's license in a different form. The SMS verification step where your phone number is demanded "only for security" (and then used for advertising 10 minutes later) is bad enough, but at least it is still possible (if onerous) to get some separation there.

I'd honestly just prefer TOTP or hardware tokens be mandated as an option for 2FA if you offer it.

I think Estonia started doing this like 20 years ago. [1]

[1] https://e-estonia.com/solutions/e-identity/id-card/

The German national ID has contained an NFC smartcard since 2010. Unfortunately, adoption has been quite slow. Many companies still use some wonky video-based authentication procedure. I guess they believe that installing a separate app is too hard for many users, and filming the ID is easier.

We should just have state-issued licenses with chips. At the bank I show my license; on the bank website it reads the chip and PIN off my license.