[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] After Equifax pwning, what is the best means for replacing the SSN?

> In article
> <CAHVSqQcWYU=Ts4+PKyR77q8DRQ4+W1DzZ8dwHFWVRHaBNWaGKA AT mail.gmail.com> you
> write:
>>Maybe I'm misunderstanding, but isn't this fairly easy?  Just invent a
>> fine
>>for companies that use SSN as an authentication mechanism.  Or any
>>identifier that is knowingly public, including having been made public by
>> a
>>security breach.
> My preference is to say that any transaction validated with an SSN is
> presumed fraudulent and is voidable on request.  Fines are hard, they
> require courts and such.

Until someone figures out how to exploit that on a wide scale.

I expect at some time in the future our wallets will be filled with
cryptographic key cards instead of store loyalty cards. (Or dongles on
your keychain, which will make losing your keys even more fun.) Cell
phones make the problem harder because it is a pain in the ass to make
dongles that support every version of USB or whatever Apple wants to use.

perl -pe 's/^\s+//g' *.py

The cryptography mailing list
cryptography AT metzdowd.com