
Your Social Security Number Isn’t a Secret - SREinSF
https://mobile.nytimes.com/2017/09/13/opinion/your-social-security-number-isnt-a-secret.html?action=click&module=Opinion&pgtype=Homepage
======
quuquuquu
>social security numbers aren't a good identifier because they can be spoofed

agreed

>biometrics are a good identifier because gov't employees id themselves like
this

sooooo um what happens when that database is hacked, like OPM was?

here's an idea. security questions with answers that aren't very guessable.

why?

I call my bank and they say, "tell me the x words that you selected as your
security combo, in order"

And I say "zebra john henry alligator cheetah mosquito cardshark"

And they say "great, now sign in to the website to see a verification code
we've sent to you"

"ok it's 15467"

"ok how can i help you today?"

It's not foolproof, but it proves ownership of the account and access to a
very long piece of data that the bank and I agree to use as a human readable
private key, that we can change at any time together if compromised.

They can also text or email me when a sign in to my account occurs.

This way, unless my account has been hacked and I am completely unaware of it,
any bad shit that might happen will be caught quickly.

I can't imagine this is worse than the current scenario.

