Apache Foundation rebuffs allegation it allowed Equifax attack

Orv

Re: @Sane ...

That'd help, certainly. But the problem comes when someone loses the code. There has to be a recovery system; "sorry sir, you shouldn't have dropped your phone in the pool, now you can't ever get a loan again" isn't going to cut it. So how will they identify you to recover the lost code? Probably with the same information an attacker would have gotten from a data breach.

The fundamental problem is that financial companies generally don't know who their customers are anymore, and there's no good way for them to verify it. I'm not sure how you fix that. The current schemes (SSN and mother's maiden name) are laughable, but it's not immediately obvious to me how to do better.
