With Fraud Awareness Week happening this week, one of the main things I hear about (apart for, obviously ZEUSZEUSHACKEDMACHINESFRAUDZEUS) is identity theft and ways to deal with it. I wrote in the past about issuing additional secrets, basically, I don't believe in it - and the more I hear about two factor auth, the more worried I become. The problem is that because traditional methods fail, identity theft stops being the individual's problem and become society's problems.
Why?
When large entities (read: governments) realize that issuing secrets doesn't work (even digital passports and IDs get stolen and forged), they start thinking about solving that in the most obvious way (if you're a gov official): storing something-you-are type authentication factors. This is how biometric repositories are created (and then hacked. But that's a different story). If only everybody would be more laid back about behavioral profiling based on available online identities... but then again, this isn't a product nicely packaged with a nice RFP that gov and banks can understand.
Oh well. Don't come asking for my finger prints.
Why?
When large entities (read: governments) realize that issuing secrets doesn't work (even digital passports and IDs get stolen and forged), they start thinking about solving that in the most obvious way (if you're a gov official): storing something-you-are type authentication factors. This is how biometric repositories are created (and then hacked. But that's a different story). If only everybody would be more laid back about behavioral profiling based on available online identities... but then again, this isn't a product nicely packaged with a nice RFP that gov and banks can understand.
Oh well. Don't come asking for my finger prints.
No comments:
Post a Comment