[PLUG-TALK] Has 2-stage authentication been abandoned?

Keith Lofstrom keithl at kl-ic.com
Tue Mar 21 21:32:28 UTC 2017 

On Tue, Mar 21, 2017 at 10:08:55AM -0700, Rich Shepard wrote:
> ...
> most folks access to Key Bank's web site requires answering a security
> question 
> ...

Security questions?  Harrumph. 

In the social media age, when people publish their
innermost secrets in full detail to the net, such
questions as "what is your favorite song?" are insane.
Billions of people can find out the answer with a one
minute web search.

When I answer their questions with my own nonsense
answer, I must remember which nonsense answer goes
with which silly question from which institution.

I would prefer to choose my own questions, thank you.

Better than that, I would prefer authentication services
staffed by professionals who are good at remembering who
individuals are.  Pacific Continental Bank in Beaverton
has staff who greet me by name when I walk in the door,
six months after my last visit.  I would pay extra to
have them identify me to other institutions.  

Someday, after enough AI-assisted internet robberies,
human identification services will be essential
businesses that individuals will pay good money for.
"Two factor" will mean two different services (out of
many) with quite different methods, but both dedicated
to preserving the assets, safety and reputation of
their individual clients.   

Not "what you know", but "who knows you".  Identifying
individuals is a neurotypical talent that is difficult to
automate.  Security questions pander to autism-spectrum
geeks ... until hidden cameras and microphones become
good enough to capture the typed answers.

----

I was thinking just this morning about how much I would
pay for a service that kept up-to-date identification and
medical information about me, formatted for the data entry
systems of every emergency room in the region.  If I show
up in an ambulance, ER staff can look at my wallet or
medical bracelet for a QR code, compare web-accessed
pictures and other physical descriptions, then admit me and
begin individualized treatment in seconds.  Time is tissue,
and specificity avoids lethal mistakes.

Keith

-- 
Keith Lofstrom          keithl at keithl.com

More information about the PLUG-talk mailing list