[Spivak]

I think the argument against is that right now people know how terrible an authentication system this is and don't build actual security on top of it -- "we only have cardboard boxes so we installed cameras and encrypted the contents."

Once it's good people will outsource the work to what is essentially a CA system where every BMV in America is an issuer and I expect it to hold up at best as well as SMS verification.

[c22]

I think the problem is that people are relying on this for actual security. The article demonstrates how easy it is to get companies to accept this form of fraudulent authentication (and the demand for this service speaks to its efficacy as well).

Why not let notaries or an authoritative agency issue cryptographically signed one time codes upon inspection of your physical ID? Frankly, it sounds like a superior system to me.