Re: There's but one solution that will work.
I don’t know if this works, it feels so much like we’ve shown that this “secret passcode” being the way to interact with service providers is a shit system.
Back in the day, you lived in a village, and everybody knew everybody’s name/where they lived etc.
Can we construct a system that allows us to validate identity, and therefore entitlement to service, when all PII is essentially public? Without this, I think it’s chicken and egg trying to hide PII and it inevitably leaking through one avenue or another…
You need to be able to prove you are who you say you are when presenting yourself (MFA is pretty good for this), and you need to be able to demonstrate entitlement to service, so either the provider needs a record, or you need to possess some redeemable token that was acquired earlier.
I don’t think it’s convenient, but I don’t see how we do this without some kind of Account system, which seems like a great way to lock people out and create a new class hierarchy, so I don’t like it either.
I think the security adage that obscurity isn’t protection needs to apply, but I don’t think an account assigned at birth is great either. How would you configure MFA for a child, or if you lose your possessions in a house fire? I am *not* advocating for DNA tests but it seems there isn’t another way right now to move away from these secrets… I’m sure DNA tests could be faked under the right conditions.
It seems our choices are either this mess, or 1984… any other ideas?