Oh, please! No! No! No! India bulldozed a national identification number (called Aadhaar) on its residents and it has made more people vulnerable to many kinds of attacks, including phone number hijacking, draining people’s bank accounts, etc. To say that it’s been an unmitigated disaster would be an understatement. As with things related to government, the governing organization for Aadhaar, called UIDAI, always claims that it’s completely secure, while ignoring the fact that linking one number to everything in one’s life increases the attack surface and the severity of the threats.
So please research the number of ways Aadhaar has failed, and is making some feeble attempts to recover, before getting into a “let’s create a new static number to identify people with instead of a phone number or SSN”. That’d just be changing the narrative without achieving anything.
Bottom line, it’s not the phone number that’s the problem, but having a unique and non-changing number and linking it to everything else (including one’s phone numbers).
If all it takes to drain someone's bank accounts is to be able to uniquely identify them, then there's an enormous issue with the banking system.
> Bottom line, it’s not the phone number that’s the problem, but having a unique and non-changing number and linking it to everything else (including one’s phone numbers).
Totally disagree. Linking it to a phone number is fine, but the entire point of such a number is that you should be able to print it on your business cards or wear it on your t-shirt. :) Knowing it should grant no privileges to anyone.
Of course, I think your underlying point is that the real issue isn't that we want a good way of identifying people, it's that we want a good way of authenticating them, and we're no closer to solving that. And people keep misusing ways of identifying people as ways of authenticating them. But maybe we should be focusing on that instead?
If you have a means of authentication, a shared identity means you can reuse that authentication on multiple other services. It greatly increases the power of keys, or conversely, increases the danger in loss of a key.
It's a solved problem, just nobody wants to fix it.
Would you call a number to temporarily block it, and a fine to get a new one? If so, how does the call authenticate you?
Second question, "pretty hard to forge otherwise", is about roughly how hard? Has it been proven possible / proof of concept? Or did you mean to say you're unaware of any successful forgeries but (naturally/obviously) can't honestly claim it's totally impossible, because you never know.
I'm real curious about the Estonian smart card thing. Does it work well? Can you only sign government things with it, or really just about anything that needs your authentication? (say, commercial contracts) Does it have a private/public key type of thing so that you could also encrypt something with someone's public key so that only that one individual cardholder can ever decrypt it?
So if you can forge that, you can crack open the whole Internet :)
It even survived a crypto flaw.
Add to all this, corruption is a way of life in Indian government(s) - central and local. Even if a system is solid (technology wise), there are tons of social problems to deal with.
Comparing Estonia with India is not fair at all, at any level.
This is not to take anything away from Estonia's achievement. Kudos to them for setting a great example! But their small size, having to support just one language, etc. gives them a tremendous advantage.
The file they give you as an encrypted PDF of your ID is locked with the first four capital letters of your name and then your birth year. It was much touted that this password range is from AAAA to ZZZZ and 0000 to 9999, making the brute-force time 52+ years. But then, nobody born before 1918 is alive, and nobody born in 2019 or after. So 0000-9999 becomes 1918-2018. Then names: the most popular name lists are available from many sources. The 52-year brute force was proved to be 3-something minutes. The authorities' response: they filed criminal cases against those who wrote about these flaws.
Why is there a PDF of your identity card, and why is it encrypted? Surely nothing publicly visible on the identity card is private information.
Private identifiers on citizens would not be very useful.
It seems like a lot of people here are confused as to what is an identifier and what is authentication. An identifier uniquely identifies someone (the uid), while authentication is the way to prove identity (the password). One is normally public while the other has a secret component to it.
Encrypting with the public key can be done by anyone, but only the private key can decrypt. This allows encrypted communication.
But encrypting with the private key can only be done by someone with the private key. It can be decrypted by anyone, but only using your public key, thus proving your identity; or more accurately, thus proving you have the identified party's private key. So I ask you to encrypt some random OTP to prove your identity. Then I decrypt it with your public key to test your proof. This is how cryptographic signatures work.
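As an added example (not part of this thread or of any system it names), here is the challenge-response the comment above describes, written in Go with the standard library's Ed25519. The identifier and public key are public; the verifier hands out a random nonce (the "random OTP"), the holder signs it, and the verifier checks the signature against the registered public key. The identifier "ID-0001" and the type names are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Identity is the public half of a person's record: the identifier anyone may
// know (the "uid") and the public key that goes with it. Knowing both grants
// nothing; only the private key can answer a challenge.
type Identity struct {
	ID     string
	PubKey ed25519.PublicKey
}

// challenge is a random one-time value the verifier asked the holder to sign.
type challenge struct {
	nonce []byte
	used  bool
}

// Verifier is the relying party: it knows public keys and remembers which
// challenges it has issued so that a captured signature cannot be replayed.
type Verifier struct {
	registry   map[string]ed25519.PublicKey
	challenges map[string]*challenge
}

func NewVerifier() *Verifier {
	return &Verifier{registry: map[string]ed25519.PublicKey{}, challenges: map[string]*challenge{}}
}

// NewHolder creates a key pair for a hypothetical person (constructed sample identifier).
func NewHolder(id string) (Identity, ed25519.PrivateKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Identity{}, nil, err
	}
	return Identity{ID: id, PubKey: pub}, priv, nil
}

func (v *Verifier) Register(id Identity) { v.registry[id.ID] = id.PubKey }

// Issue hands out a fresh 32-byte nonce for the identifier.
func (v *Verifier) Issue(id string) ([]byte, error) {
	if _, ok := v.registry[id]; !ok {
		return nil, errors.New("unknown identifier")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	v.challenges[id] = &challenge{nonce: nonce}
	return nonce, nil
}

// Prove is the holder's side: sign the nonce. Only the private key can produce this.
func Prove(priv ed25519.PrivateKey, nonce []byte) []byte {
	return ed25519.Sign(priv, nonce)
}

// Check is the verifier's side. The nonce is retired whether or not the signature
// verifies, so a captured response is useless afterwards and a failed guess cannot be retried.
func (v *Verifier) Check(id string, nonce, sig []byte) error {
	pub, ok := v.registry[id]
	if !ok {
		return errors.New("unknown identifier")
	}
	ch, ok := v.challenges[id]
	if !ok || ch.used || !bytes.Equal(ch.nonce, nonce) {
		return errors.New("no outstanding challenge for this nonce (replay or stale response)")
	}
	ch.used = true
	if !ed25519.Verify(pub, nonce, sig) {
		return errors.New("signature invalid: responder does not hold the private key")
	}
	return nil
}

func main() {
	v := NewVerifier()
	alice, alicePriv, _ := NewHolder("ID-0001")
	v.Register(alice)
	nonce, _ := v.Issue(alice.ID)
	fmt.Println("genuine holder:   ", v.Check(alice.ID, nonce, Prove(alicePriv, nonce)))
	fmt.Println("replayed response:", v.Check(alice.ID, nonce, Prove(alicePriv, nonce)))
	_, mallory, _ := NewHolder("ID-0001") // knows Alice's public identifier, has a different key
	nonce, _ = v.Issue(alice.ID)
	fmt.Println("wrong key:        ", v.Check(alice.ID, nonce, Prove(mallory, nonce)))
}
```

The verifier stores only public keys, so a leak of its registry reveals nothing that lets anyone pass the check; and because each nonce is retired after one use, a second attempt always needs a fresh challenge.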
Government-issued identification seems an obvious application of PKI.
A public key can be an identity, it's a perfectly workable outcome of Zooko's triangle, but it's not a very useful one for most use cases.
The article is about using phone numbers to uniquely identify people and the problems that brings.
> It seems like a lot people here are confused as to what is an identifier and what is authentication.
I'd say it's you who can't fathom that the two things can work together and only together in some cases.
Not all systems are online/electronic. Although explicitly prohibited, banks keep a paper copy of Aadhar, and so do courier delivery, passport, etc. Only mobile companies this year have done away with keeping a photostat. The law is that a bank, a mobile company, or anyone else asks for the Aadhar number, authenticates the request, fetches the required data, and stores only that resulting Boolean.
The problem is how the average person working in the bureaucracy will see this, not how a smart programmer like you on hackernews would see it.
The world is full of average people doing average mistakes in average bureaucracies. Everything that can be abused, will be abused.
Of course, you still need to obtain the PDFs. And there is that wall in the way...
That seems to me like a justification for doing the least amount of work needed. Sure, it's true to some degree, but (taking this case as an example) PKI is objectively uncountably better than a PSK-like structure. There's a base security level and until that's reached, there's no need to expend money and time or inconvenience users to gain greater security. Anyone who doesn't get to that level while designing a project of any importance is a lazy idiot.
Actually, it needs to be both secure and easy to use to work.
The problem is not really with Aadhar, but how people and companies use it. Bank accounts are drained because people share their OTP's with the people they don't know, when they should not. Phone number hijacking would have been a problem even without Aadhar since a lot of financial institutions across the world use to for 2FA.
Without Aadhar though, it was even easier to steal someone's identity by using a false ID. At least with Aadhar-based biometric authentication, that's not easy now.
A unique and non-changing number linked to everything is not the problem, IMO; the problem is treating that number as a secret (akin to the US SSN), people not being educated about correctly using Aadhar, and entities just using SMS-based 2FA as the authentication mechanism for critical transactions like banking.
But the way people and companies use it is predictable. They'll tie everything to it in a way that isn't secure (because who are we kidding) in a way that information can't be updated if wrong (because even if the identity is centralized the data isn't).
And it will be used comprehensively to coordinate surveillance.
But that isn't even the major problem. The problem is that if someone compromises your bank they can steal your money; if they compromise your vehicle ownership info they can steal your car; if they compromise your phone they can invade your privacy; if they compromise your corporate ID they can get inside your company.
If they compromise your One True ID, they get all of that all at once and the ability to take out credit in your name, enter contracts in your name, commit crimes in your name, etc.
Correspondingly it increases the payoff (and so volume) of attacks and the harm caused by each attack, for a polynomial increase in total damage with the size of the identity system. Creating one system for an entire major country means... you can do the math.
On top of that, what if someone were to compromise the system itself, for everyone all at once? Armageddon, basically. Possibly literally if the system is used to control access to weapons of mass destruction.
All centralized identity systems are inherently insecure. We don't know how to build something that can withstand the attacks that such a large payout attracts.
It's the same category of problem as trying to provide secure law enforcement access to encrypted data. It's too much power to put all in one place. That much centralized power inherently draws in an insurmountable level of corruption and crime, and is a catastrophe as soon as it touches the normal background level of incompetence.
And what's so bad about having one ID for your bank, another for your employer?
Is there? Or are they both using SSN?
Can you give sources for that. It's a big claim.
> linking one number to everything in one’s life increases the attack surface and the severity of the threats.
I think linking bank accounts is absolutely necessary to prevent tax evasion. Intrusive linking with phone numbers etc. is undesirable, but it's only for authentication, not surveillance. And having a single ID is better than having 10 different disparate ones. Finally, I don't see any evidence that adhaar has been compromised, only that it's improperly used.
Cash on delivery just means the address was qualified. But the address is normally available from other services, and is not obtained by impersonating someone in authentication.
Even if all you claimed is true, it just means that the school, the bank, and the telephone company shouldn't take the adhaar ID as authentication, which it was never intended to be. Use OTP/biometrics for authentication.
If someone steals your biometric data (and that is a thing that can happen through a variety of methods), there's no form you can fill out to be issued new retinas. Your identity is permanently compromised.
A moderate increase in security in the average case in exchange for catastrophic failure modes isn't a good tradeoff.
(And given the very, very troubled history of biometric security, I'm being charitable assuming it's even an increase.)
The reality is the government chose biometrics primarily so it can more easily track people. It wasn't to make it easier for them to use banking services.
If that's why it is broken, then I would be happy with it. Nobody is using fake biometrics to authenticate yet. And even then there is the second factor of OTP.
UIDAI also says Aadhaar is not compromised. The point is that nobody would try hacking the UIDAI database directly when there are far easier and cheaper ways to get to the data through other means because it’s linked with almost everything (depending on the state one lives in).
Also please read up on Rachna Khaira’s exposé (in Tribune) on how cheap and easy it was to get access to people’s information from the UIDAI database. That could also be called “hacking”, but the UIDAI won’t admit to that.
All this can be blamed on “bad actors” to avoid taking responsibility, but it’s clear that the system and its usage never went through a proper design and test implementation. But all along, there was (and continues to be) a lot of coercion to get people to register for it and link it everywhere.
FWIW, this topic makes me very frustrated.
The attack vectors already existed without a central source of authentication, say with fake birth certificate and no authentication.
I still don't see adhaar as a negative, merely being misutilized by different people.
To add insult to the injury, Aadhaar officially allows people in the upper crust and political class to avoid it entirely insulating them from the potential damages of an experimental system. To add even more insult to injury, the UIDAI goes after people who point out the flaws in their "scheme."
The only winners seem to be tech providers, contractors, some bureaucrats, and the IT contractors who seem to be making loads of good money on this.
Not the biometrics. And the leaked information doesn't allow one to impersonate someone.
Is the alternative of relying on passports/birth certificate better? Are you against any universal id scheme in general?
All the criticism of adhaar seems shallow. If your home address is leaked somehow, say by a customer service representative in a bank, would you say that is the failure of the post office? It is a privacy risk to have one's address out in the public, but is that a reason to oppose post offices, or stop living in houses?
What use is biometrics when I can update the actual record itself?
>And the leaked information doesn't allow one to impersonate someone.
That's because the biometrics doesn't work for anyone 60-70% of the time.
Well, that's the other problem with Aadhar. According to the Aadhar Act (2017?), all Aadhar-related data (including my biometrics) are property of UIDAI. So I don't even own any rights and hence (as explicitly stated in the act) have no legal recourse if that data is compromised.
> Well, that's the other problem with Aadhar. According to the Aadhar Act (2017?), all Aadhar-related data (including my biometrics) are property of UIDAI. So I don't even own any rights and hence (as explicitly stated in the act) have no legal recourse if that data is compromised.
Yes, that is a concern. Impersonation in authentication can lead to ruin for people, and the govt wants no liability. But is there any liability currently, in say, a fake passport?
So there, you have proof that your data is not secure.
With an authentication mechanism intended for a billion people, which includes some of the most poor and illiterate, you have to have a balance between security and ease of use. This is unfortunately a compromise, but should at least be x times better than the previous standard.
> Imagine the horror for people who lost their SIM card; to get a copy of SIM they need the SMS code which was sent to their registered number; wait for it.. which was lost.
Oh, please. They can go to the store and use their biometrics to get a new card. That's how I got a new sim card when I lost mine.
Maybe ration is a system where adhaar should not be applied, or a system of quick appeal should be created. But how is relying on pieces of paper like a birth certificate/ration card/passport a better system for authentication and identification?
Can you please read it again and think how many people you know or have read about who had fake passports to get ration? Heck, people who need subsidized ration most probably do not even have the original passport, nor even the need for one.
Only ration cards were used for ration, if you know, and some of them were specific. The light green A5-size booklet was the common one; anybody could have it, but not everybody could get ration on it. So most of the time it was used as address and ID proof, as it had the address and photos of all family members. Only kerosene oil, sugar, and soap were available on it. Then there were blue books, yellow cards, etc. for people below the poverty line, enabling them to get free wheat, rice, salt, etc.
Nobody could fake a ration card because the depot in charge also had a master register, where the card details needed to be matched.
However as stated above having some security in the authentication (SMS) is better than none (credit card).
Sure. But using that data to impersonate someone by creating a 3D or silicone model of your fingerprints/iris needs a good amount of resources that your average Joe does not possess. Given enough resources, any means of authentication could be easily exploited.
Honestly, I am not being snarky, but could you please suggest a better authentication mechanism, that is more secure, but can be used easily by people who can't read/write or live in slums, or in small villages, and don't run into issues like forgetting the crypto key or losing the auth device?
If someone guesses a password, you can change the password. If someone gets a viable replay of a fingerprint or iris scan, you can't change it.
I wonder if a formalized "delegation of identity" system could solve the "missing key" problem.
When you have your key, you'd be able to issue a "I trust this person/firm to reliably identify me" certificates to others. This could potentially be trusted friends/family/co-workers or even official "recovery services" that had different means to verify identity.
So if you lose your key down the road, you can bring one of these people along, and the fact they had your certificate, and vouched that they had identified you, and that would be considered legally equivalent to presenting your actual key, or allow the start of a key-reissue process.
And so on.
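As an added example (not part of this thread or of any real scheme), here is the "delegation of identity" idea above worked through in Go with the standard library's Ed25519: while the owner still has their key they sign a certificate naming a delegate's public key and an expiry; when the key is lost, the delegate signs a dated vouch, and the registrar verifies the chain against its own copy of the owner's public key before starting key re-issue. All identifiers, dates, field names and the 24-hour freshness rule are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Delegation is the owner's statement "I trust this delegate to identify me",
// issued while the owner still holds their private key.
type Delegation struct {
	OwnerID  string            `json:"owner_id"`
	Delegate ed25519.PublicKey `json:"delegate"`
	Expires  time.Time         `json:"expires"`
}

// SignedDelegation carries the owner's signature over the canonical Delegation bytes.
type SignedDelegation struct {
	Delegation
	OwnerSig []byte
}

// Vouch is the delegate's statement "I identified this owner in person on this date".
type Vouch struct {
	OwnerID string    `json:"owner_id"`
	Date    time.Time `json:"date"`
}

// SignedVouch carries the delegate's signature over the canonical Vouch bytes.
type SignedVouch struct {
	Vouch
	DelegateSig []byte
}

// NewKeyPair generates an Ed25519 key pair (the "key" of the comment above).
func NewKeyPair() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// canonical serialises a statement so signer and verifier work on identical bytes.
func canonical(v interface{}) []byte {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return b
}

// IssueDelegation: the owner names a delegate and an expiry and signs the statement.
func IssueDelegation(ownerID string, ownerPriv ed25519.PrivateKey, delegate ed25519.PublicKey, expires time.Time) SignedDelegation {
	d := Delegation{OwnerID: ownerID, Delegate: delegate, Expires: expires}
	return SignedDelegation{Delegation: d, OwnerSig: ed25519.Sign(ownerPriv, canonical(d))}
}

// MakeVouch: the delegate, having identified the owner in person, signs a dated vouch.
func MakeVouch(delegatePriv ed25519.PrivateKey, ownerID string, date time.Time) SignedVouch {
	v := Vouch{OwnerID: ownerID, Date: date}
	return SignedVouch{Vouch: v, DelegateSig: ed25519.Sign(delegatePriv, canonical(v))}
}

// VerifyRecovery is the registrar's check before starting key re-issue. ownerPub is the
// registry's own copy of the owner's public key, which survives the loss of the private
// key; the delegation and the vouch are what the owner brings along.
func VerifyRecovery(ownerPub ed25519.PublicKey, d SignedDelegation, v SignedVouch, now time.Time) error {
	if !ed25519.Verify(ownerPub, canonical(d.Delegation), d.OwnerSig) {
		return errors.New("delegation was not signed by the owner's registered key")
	}
	if now.After(d.Expires) {
		return errors.New("delegation has expired")
	}
	if v.OwnerID != d.OwnerID {
		return errors.New("vouch names a different owner than the delegation")
	}
	if !ed25519.Verify(d.Delegate, canonical(v.Vouch), v.DelegateSig) {
		return errors.New("vouch was not signed by the named delegate")
	}
	if v.Date.After(now) || now.Sub(v.Date) > 24*time.Hour {
		return errors.New("vouch must be dated within the last 24 hours")
	}
	return nil
}

func main() {
	ownerPub, ownerPriv := NewKeyPair()
	delegPub, delegPriv := NewKeyPair()
	_, strangerPriv := NewKeyPair()
	issued := time.Date(2019, 1, 1, 0, 0, 0, 0, time.UTC) // constructed dates
	d := IssueDelegation("ID-0001", ownerPriv, delegPub, issued.AddDate(2, 0, 0))
	now := issued.AddDate(1, 0, 0) // a year later the owner turns up without the key
	fmt.Println("named delegate vouches:", VerifyRecovery(ownerPub, d, MakeVouch(delegPriv, "ID-0001", now), now))
	fmt.Println("stranger vouches:      ", VerifyRecovery(ownerPub, d, MakeVouch(strangerPriv, "ID-0001", now), now))
}
```

The expiry on the delegation bounds how long a compromised delegate key is useful, and the freshness check on the vouch means a delegate cannot pre-sign vouches to be used later; whether one vouch or several are required is a policy knob the comment leaves open.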
Please do not get confused with social security numbers (or equivalents) as universal or national identifiers. They are not, although their use in such a manner has caused issues (as pointed out in my comments here).
Coming from a country, Sweden, with no mandatory ID card and a national identity number, it was both quaint and a real hassle to deal with the odd notion that a national ID number in the UK was a threat to me, but in Sweden it wasn’t. I had more trouble because of it in the UK than I ever had in Sweden. And in the UK you often had to use a passport to identify yourself, which in practice is a national ID.
No ID cards are to be issued by the Secretary of State at any time on or after the day on which this Act is passed.
The UK equivalent of an SSN is a National Insurance number, but it’s totally possible to be a citizen without one (e.g. naturalised non-working spouse). NI numbers also aren’t guaranteed to be unique (if a person is assigned a temporary NI number it’ll be non-unique with other people with the same birth date).
This is reasonably misleading, as nothing at all stops a new government with a parliamentary majority from simply scrapping that law.
Mmm, that’s not true. Courts recognise EU supremacy over the British parliament, although it would be possible to ant-fuck this point if you were feeling truly pedantic.
The closest most 'developed countries' have is the equivalent of a PAN number.
I would go further than say that's false, it's the exact opposite of the truth.
* Search for #AadhaarFail on Twitter
* Search for “Aadhaar frauds” on DuckDuckGo or your favorite search engine
The law also says that only Authority can disable this ID, anytime. So once somebody's ID is dead, they suffer civil death. No job, hospital, travel, mobile, taxes.
Every week they switch from "ID number is secret" to "ID number is not secret".
This number cannot be changed even for a person. To keep it safe, they introduced a virtual ID number, which, again, is permanent for one's life.
Yet from the looks of it, this will happen anyway - the only difference being whether that number is a designated government ID or your phone number, e-mail address or facebook account.
We are already moving fast toward a dystopian sci-fi novel; let's not speed up the process by 3 orders of magnitude.
Look at how almost all adults in the U.S. have been made vulnerable to identity theft because of the Equifax breach and the leak of SSN and related information. These are irreversible damages.
AT&T is being sued by someone who lost $24M in cryptocurrency because someone decided to piggy-back authentication on AT&T. While AT&T should certainly be called out for having sloppy security, I can't help but feel that they never really signed up for the job of protecting such a valuable asset. It's like trying to protect Fort Knox with a consumer-grade padlock, then going after the padlock manufacturer when someone cuts it open.
The fundamental problem is this concept of "identity" is a bundled abstraction that is being used in order to ignore every way in which scaling to the Internet is intrinsically difficult. Because sitting down face-to-face with someone yesteryear was completely and totally safe, so if only we can replicate that and "know" the other person, then all of these newfangled problems will just disappear!
This is a partial list of actual problems "identity" is purporting to solve and an example of someone heavily relying on it: user-device security (Coinbase), cross-medium access (banks), Sybil problem (Google / IRS), persistent tracking (commercial surveillance), offline transactions (healthcare industry).
Each one of these is an area of research unto itself, but yet "identity" is going to solve all of them together! Really, it is just a crutch that allows organizations to pretend to have solved the issues, and then act entitled when their "solution" falls apart. After having architected their systems as if their identifiers are entirely reliable, any action purporting to have been done by you is then your mess to clean up! Because "your" identity was "stolen", see? Problem solved!
This article ultimately seems like a submarine for the industry consortium of the week. The primary reason a "good" identity system hasn't taken off is that the main thing demanded by users is to create arbitrary unlinkable nyms. Meanwhile these backwards-thinking organizations are looking to "identity" mainly to prevent people from doing just that!
Use all the scare quotes you want. You are one person, not several, and are accountable for your actions regardless of which pseudonym you wish to present them under.
There are plenty of contexts for which there is nothing to be "accountable" for - I would say most general Internet use. And sure, it's possible to disagree reasonably about this, perhaps asserting that you only want to read comments that are policed by some authority. But it is an explicit tradeoff, not merely implicit that we should live in a world without some absolute privacy.
There are plenty of current reliances on "identity" that don't pass the smell test - for example the seemingly common flow of setting up online banking by going home, going to a website, and entering in your public identifiers. In the context of a brick and mortar bank, this is utterly backwards!
Describing an identity system based on nyms as having been "designed to optimize the ease of fraud" is utterly disingenuous. Fraud requires the other party to buy in to assumptions which are then invalidated. Most uses of identity, say online user accounts, don't need to carry such strong assertions in the first place.
Also, highlighting that a term carries a loaded definition is not using "scare quotes".
Incentives need to be aligned. The Trump Administration cancelled the investigation into Equifax. Target's stock price barely budged. Regulations may not be a panacea as the OPM breach suggests. "Cyber insurance" is an interesting market. Ideally insurers would require best practices to be followed for policy issuance and claim payout. But that can lead to compliance box checking, and litigation/coverage struggles instead of actual security.
As a counter-example, Sweden has a national personal ID number system where everyone is assigned a number at birth. This is fine as a primary key in databases but it's not exactly a secret so can't be used to authenticate someone.
The banks stepped up to this challenge and created a common digital signature system called "BankID" where you get either a certificate/private key file (PC) or app (mobile). BankID is used for online filing of taxes, filing change of address, signing up for stuff like insurance, anything that traditionally would require a physical signature. ID verification is done by bank branches when you sign up for internet banking.
That said, given the equifax breach, I literally can't think of someone I'd trust less to handle it.
They asked three questions. All of which were multiple choice and populated with a lot of obvious wrong answers.
Two of them were the year and model of a car I (no longer) leased, and one was a direct "what county do you live in?" which is trivial from the address.
If you physically drove by my house any time when the garage door was open in the last three years, you had a decent chance of knowing the right answers. If you had access to the DMV records, you had the right answers. And on the flip side, I hate to imagine how this would have worked for, say, a scholarship student at age 20 with no credit file.
Enjoy reading my lab test results. I feel so secure.
Nitpicking (but what do you expect with a board that's majority programmers): only people born Swedish get one at birth. I got mine at age 23 when I studied there :) It still used my dob though.
Well, in this particular case, it's like protecting it with a consumer-grade padlock, and then having someone who works for the padlock company give the thief a key to the lock. The reason he's suing is because AT&T failed to follow their own protocols for identifying the customer.
Oh come on. Bootstrapping <anything> is hard. Identity isn't special. When bootstrapping, you base initial migration work off of existing systems, until you reach critical mass and the adaptation on top of existing systems are no longer relevant or necessary. You might as well argue that passports are worthless because it's not that theoretically difficult to fake the foundations of identity to a good enough level in order to get a genuine passport. As long as passports are unique-enough (no two people are identified by the same passport), they're good enough. And so is any other system which succeeds at consistently identifying the same person.
Biometric data can be replicated, e.g. fake fingerprints and synthesized voices. Good facial recognition is still a step ahead of scammers but they may catch up at some point. And you can't easily change your biometric data if someone manages to make a copy.
At this point everyone knows passwords by themselves are not good enough.
Physical tokens like Yubikeys can be stolen, although that's clearly more difficult than stealing some of these other identifiers.
If everyone had a cryptographic private key, they would have to store it somewhere -- how would they keep it secure without resorting to one of the flawed systems I just mentioned?
So, I find it difficult to blame companies for using phone numbers as identifiers -- it's easy, and all of the alternatives are also flawed. I haven't seen any foolproof identifier, probably because it's not possible to create one.
Everyone gets a national ID number. This number is considered public and is used for signing up for public and private services.
Everyone gets an ID card, issued by the government. This ID card holds a private key, used to enter legally-binding agreements, and the card is printed with the photo of the holder. Attempts to use the card to authorize purchases online redirect to a government-managed identity provider (think SAML 2.0), where the user must provide either a password (preferable) or, if there is no password, some other knowledge proof that is not discernible from the physical ID card, either of which were set up when the card was issued. When people become incapacitated for publicly-known reasons (incarceration, hospitalization, etc.), their public certificates are temporarily added to a revocation list. When issued, the card comes with three one-time-use secret codes, each of which triggers a 24-hour temporary revocation, which must be kept secret enough to prevent abuse. Obtaining more temporary revocation codes, or permanent revocation (in case of loss or theft), or password/knowledge proof reset without the previous password/knowledge proof, is handled in physically secure government facilities, by providing DNA and other biometrics, that were registered when the card was issued and are not used for any other purpose. Corruption is combated at the DNA-collection stage by requiring the secure facilities to actually collect fresh physical samples each time - this constitutes a biological sort of paper trail for auditing revocation requests.
No, it's not impossible to game the system. People can be bribed to overlook the photo; DNA can be stolen and used to continually permanently-revoke victims. Paper trails are not magic cure-alls. There are serious ethical concerns with entrusting the government with a populace's DNA (particularly, the potential to re-index it for the purposes of ethnic cleansing). And yet, when compared to modern-day systems, I'm hard-pressed to complain. If you ask, quite simply, which is better, the system proposed above or the contemporary system, one or the other, I have a hard time imagining people defending the contemporary system.
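As an added example (not part of this thread or of any real identity provider), here is the certificate-status side of the proposal above in Go: a registry that holds, per card, a permanent-revocation flag, a temporary suspension with an expiry (the public-incapacity case and the 24-hour code-triggered case share it), and the hashes of the three one-time temporary-revocation codes, so a leak of the registry does not hand anyone a way to suspend people. The in-person biometric step that gates permanent revocation is deliberately not modelled; the identifier, dates and code format are constructed.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// TempRevocationWindow is the 24-hour suspension a one-time code triggers.
const TempRevocationWindow = 24 * time.Hour

type cardRecord struct {
	permanentlyRevoked bool
	suspendedUntil     time.Time  // zero value means not suspended
	codeHashes         [][32]byte // SHA-256 of the unused one-time codes; plaintext is never stored
}

// Registry is the identity provider's certificate-status store: a revocation
// list whose temporary entries expire on their own.
type Registry struct {
	cards map[string]*cardRecord
}

func NewRegistry() *Registry { return &Registry{cards: map[string]*cardRecord{}} }

// IssueCard registers a card and returns its three one-time codes, handed to the
// holder once; the issuer keeps only their hashes.
func (r *Registry) IssueCard(id string) ([]string, error) {
	rec := &cardRecord{}
	codes := make([]string, 3)
	for i := range codes {
		b := make([]byte, 16)
		if _, err := rand.Read(b); err != nil {
			return nil, err
		}
		codes[i] = hex.EncodeToString(b)
		rec.codeHashes = append(rec.codeHashes, sha256.Sum256([]byte(codes[i])))
	}
	r.cards[id] = rec
	return codes, nil
}

// UseTempCode suspends the card for TempRevocationWindow if code is an unused one.
// The matching hash is removed, so each code works exactly once.
func (r *Registry) UseTempCode(id, code string, now time.Time) error {
	rec, ok := r.cards[id]
	if !ok {
		return errors.New("unknown card")
	}
	h := sha256.Sum256([]byte(code))
	for i := range rec.codeHashes {
		if subtle.ConstantTimeCompare(rec.codeHashes[i][:], h[:]) == 1 {
			rec.codeHashes = append(rec.codeHashes[:i], rec.codeHashes[i+1:]...)
			rec.suspendedUntil = now.Add(TempRevocationWindow)
			return nil
		}
	}
	return errors.New("invalid or already-used code")
}

// Suspend covers publicly known incapacity (hospitalisation, incarceration) until a given time.
func (r *Registry) Suspend(id string, until time.Time) error {
	rec, ok := r.cards[id]
	if !ok {
		return errors.New("unknown card")
	}
	if until.After(rec.suspendedUntil) {
		rec.suspendedUntil = until
	}
	return nil
}

// RevokePermanently is the loss/theft path; the in-person biometric check that
// gates it in the proposal happens before this call and is not modelled here.
func (r *Registry) RevokePermanently(id string) error {
	rec, ok := r.cards[id]
	if !ok {
		return errors.New("unknown card")
	}
	rec.permanentlyRevoked = true
	return nil
}

// Usable is what the identity provider consults before honouring a signature from the card.
func (r *Registry) Usable(id string, now time.Time) bool {
	rec, ok := r.cards[id]
	if !ok || rec.permanentlyRevoked {
		return false
	}
	return !now.Before(rec.suspendedUntil)
}

func (r *Registry) RemainingCodes(id string) int {
	if rec, ok := r.cards[id]; ok {
		return len(rec.codeHashes)
	}
	return 0
}

func main() {
	r := NewRegistry()
	codes, _ := r.IssueCard("ID-0001") // constructed identifier
	now := time.Date(2019, 1, 1, 9, 0, 0, 0, time.UTC)
	fmt.Println("usable now:", r.Usable("ID-0001", now), "suspend:", r.UseTempCode("ID-0001", codes[0], now))
	fmt.Println("1h later:", r.Usable("ID-0001", now.Add(time.Hour)), "25h later:", r.Usable("ID-0001", now.Add(25*time.Hour)))
	fmt.Println("reuse code:", r.UseTempCode("ID-0001", codes[0], now), "codes left:", r.RemainingCodes("ID-0001"))
}
```

Storing only hashes of the codes and comparing in constant time is the same discipline as for passwords; the holder's copy of the codes is the only plaintext, which is what makes them "secret enough" to act as a panic button without being a second password.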
Everyone resident in Sweden must be registered in the Swedish Population Register, and receives a personal identity number. Due to the Swedish constitution, information held by the government must be publicly available, so people's names, dates of birth, addresses and indeed identity numbers are not secret (though the last of these isn't on Google). This means that in order to prove your identity, people use ID cards and corresponding digital ID issued by the government and banks. Said digital ID is a passcode-protected certificate, either on a phone, a computer, or a physical ID card.
The government doesn't have your DNA here though, although citizens' passports and ID cards contain fingerprint data.
It's small, hard to exploit flaws vs. large easy to exploit flaws.
> If everyone had a cryptographic private key, they would have to store it somewhere -- how would they keep it secure without resorting to one of the flawed systems I just mentioned?
Physical smartcard/smart SIM/phone. You have to steal something physical and get the PIN. Definitely possible, but really hard, and if that gets lost you have to go to the police, get yourself re-identified and get a new card. Compared with what a bullshit identifier a phone number is, the Estonian system is miles ahead.
The only real attack against that is supply-chain attacks, which is why the government buying such tokens should audit the whole supply chain, and they should either pay for a replacement if the tokens are ever compromised or make the manufacturer pay if it's their fault.
Personally, while I understand no one can take it seriously, I think our private components would be a better fit than faces. It would make for an interesting future to say the least.
Also, phone numbers are pretty useful for contacting people, and most people have an address book with their friends and family and other important contacts. There's tremendous social value for people in those numbers continuing to work, to the extent possible. You're never going to be able to tell everyone who might want to know when your number changes, especially if you got a new number when yours was assigned to someone else.
In case this is not a rhetorical question: Using the backup codes or a copy of the barcode you printed.
Regardless of what method you use I assume you want a secure backup method.
> but you can get a new sim
Maybe easily if you are a private person and happen to lose the phone in your home country during opening hours. I tried this method once but the company just forwarded me to the internal helpdesk of the company I work for (this is a good thing, but previously they issued SIM cards to me). Got a sim like a week later.
* By using the TOTP recovery codes (you did write them down, right?)
* By using a TOTP client on another device (the client I use syncs its (encrypted) database with all my iDevices)
* By restoring from a backup of your phone (you do have a backup, right?)
2FA on phone TOTP is safe; SMS 2FA is less safe, prone to easy attacks. For phone, somebody needs to come and physically snatch your phone and get the app lock password from you. For SMS, in a few countries, not in India (in India you either need to prove that you own the existing SIM by getting a code there, or by visiting a customer service desk), a bit of social engineering and a few answers from a Facebook profile enable hackers to get a copy of the SIM.
This is worse. (edit: i.e. easier for the attacker since they don't need physical access to your device.) You still control your phone, but the attacker takes your phone number.
It would be great if we all had something bigger and more secure, but in the meantime understand your carrier's port-out process and make sure you have your number secured.
From thirty years' distance, trying to re-connect to my UK pension rights as a non-resident migrant, it floated back up into my consciousness instantly. I suspect even with dementia it's one of the digit strings I'll hang onto.
FWIW former forces probably have their serial number forwards and backwards because of hazing. I only have my NI number because of money.
Why not distribute the authentication factors among multiple trusted parties instead of a single person? This would not scale for normal use cases, but could help for mission-critical updates. For example, if I change my Gmail password or port my phone number or update my auth factors (which are all considered major/mission-critical changes), then the change has to be verified by at least 51% of my trusted contacts. So, instead of verifying authentication just with me, the provider has to send 2FA tokens to all my trusted parties (my spouse/partner, close friends, family members, etc.). If 3 (out of 5) have verified and approved the change, then the provider would implement the change.
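A sketch of the quorum-approval flow just described, as an added example that is not code from anyone in this thread. The contact names, the 3-of-5 threshold, the 6-digit tokens and the 10-minute token lifetime are assumptions; a real provider would also store only token hashes and rate-limit guesses.

```python
import hmac
import secrets
import time


class QuorumChange:
    """A mission-critical account change that needs approval from a quorum
    of trusted contacts. The provider issues one random token per contact;
    the change is applied only once `threshold` distinct contacts have
    presented their own token before the request expires. Constructed
    example, not any provider's real implementation."""

    def __init__(self, description, contacts, threshold, ttl_seconds=600, now=None):
        if not 1 <= threshold <= len(contacts):
            raise ValueError("threshold must be between 1 and the number of contacts")
        self.description = description
        self.threshold = threshold
        self.expires_at = (now if now is not None else time.time()) + ttl_seconds
        # One 6-digit code per contact, drawn from a CSPRNG. In the thread's
        # scenario each code would be delivered to that contact out of band.
        self.tokens = {c: f"{secrets.randbelow(10 ** 6):06d}" for c in contacts}
        self.approved = set()  # a set, so one contact can never count twice
        self.applied = False

    def submit(self, contact, code, now=None):
        """Record one contact's approval. Returns True only at the moment
        the quorum is reached; anything after expiry or after the change
        was applied is rejected."""
        now = now if now is not None else time.time()
        if now > self.expires_at or self.applied:
            return False
        expected = self.tokens.get(contact)
        # Unknown contacts and wrong codes fail the same way; compare_digest
        # avoids leaking how many leading digits matched via timing.
        if expected is None or not hmac.compare_digest(expected, code):
            return False
        self.approved.add(contact)
        if len(self.approved) >= self.threshold:
            self.applied = True
        return self.applied

    def status(self):
        """How far the request is from its quorum, for the requesting user."""
        return {
            "description": self.description,
            "approvals": len(self.approved),
            "needed": self.threshold,
            "applied": self.applied,
        }


if __name__ == "__main__":
    change = QuorumChange("port phone number", ["spouse", "alice", "bob", "carol", "dan"], 3)
    for who in ("alice", "bob", "carol"):
        print(who, "->", change.submit(who, change.tokens[who]))
    print(change.status())
```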
(interesting Planet Money episode on the history of the SSN)
I believe this is being exploited on a regular basis and people just have no clue. This is likely used for anything from gaining access to email accounts to insider trading to political leverage to who the heck knows what else.
For instance, if I change phone company and decide not to keep the number or they're unable to transfer it, can it be assigned to someone else?
For some reason it has become fashionable to force 2-factor authentication on users using SMS as the 2nd factor. That is a terrible idea, and yet it proliferates, especially at most calcified institutions (banks, DMV, twitter). This has to end.
There’s a parallel system through the various passport and trusted traveler schemes that are controlled by the US government directly as well.
I think the West as a whole would change fast when this information is used against them in a war with a formidable adversary (Russia, China...).
Actually, there is a solution for using them to sign stuff - but it's proprietary in any case, and requires expensive certificates.
It's a perfect model of "the tech would be there but government is incompetent/corrupt and so it is not freely available for the benefit of citizens".
> The use of phone numbers as both lock and key has led to the rise, in recent years, of so-called SIM swapping attacks, in which an attacker steals your phone number. When you add two-factor authentication to an account and receive your codes through SMS texts, they go to the attacker instead, along with any calls and texts intended for the victim. Sometimes attackers even use inside sources at carriers who will transfer numbers for them.
I currently authenticate on my iPhone with a fingerprint. How hard is that to crack? If you had the victim's fingerprint, it's apparently trivial. But accessing my fingerprint is not something that a random hacker/thief on the Internet would reasonably be able to do.
Since our phones are becoming our life-key, would a 3-factor authentication sufficiently protect us?
Something you have: SmartPhone.
Something you know: Password.
Unique part of you: Fingerprint.
You can't change them and you leave them everywhere!
They're good against stopping your nosy family members from seeing your password, but what am I supposed to do when dining or paying someone? Wear gloves?
If the cybersec game turns into "collect physical fingerprints" then the gangs are going to collect physical fingerprints and then what?
What we need is something dynamic that's hard to fake, like a human voice or face, tied to a government issued cryptographic device with no input ports / volatile memory / inbound network adapter.
You say a challenge sentence out loud. The device validates. Then the device signs or authenticates or whatever. For integrity it could optionally encrypt and broadcast what happened.
You lose the device, you get a new one just like you get a passport. In person with other documents, etc.
This really isn't that hard. We could have done it decades ago.
Last year Lyrebird (https://lyrebird.ai/) released a demo that cloned several Presidents' voices. So while I agree with you that fingerprints are a poor choice, voice isn't better.
Regardless—possession of the device is half the battle. Authentication of the individual is the other. Even if the authentication portion is broken, at worst what this means is that someone who stole your device can impersonate you. Not great, but not enough of a reason to completely disqualify voice as a mechanism.
They're useless when you try to substitute some primitive bit of electronics, like those built-in print scanners. And so nobody should expect to use biometrics for Internet security.
I don't trust my government to be competent at cryptography.
Some people don't trust their government to be non-malicious.
I just find this type of thinking pointless.
We know for certain that we're getting hacked daily with constant identity theft and rather than have the same people that we entrust with our tanks, bombs, guns, lasers, and satellites to be competent at a simple key signing / rotating physical device we're going to what, use our fingerprints with our bank?
A physical device that everyone has is going to be torn apart by everyone. The last place they'd put something malicious would be in something that diffuse.
Which government is it? If it is the US, you might as well not trust any cryptographic schemes, considering how many of them were developed by NSA.