
The IRS is paying Equifax millions for a login system that's been hacked twice - imanewsman
https://qz.com/1094442/equifax-efx-built-the-irss-login-system-that-was-hacked-in-2015-and-the-irs-just-renewed-its-contract/
======
wilkystyle
> _The system, known as Knowledge-Based Authentication, or KBA, asks questions
> based on a person’s credit history, such as “On which of the following
> streets have you lived?” or “What is your total scheduled monthly mortgage
> payment?”_

So it authenticates you based on facts that can’t be changed, and are either
publicly-available knowledge or easily discoverable with some lite social
engineering?

------
diggernet
Boggles the mind.

