afarah1 5 days ago

The solution already exists: MFA and IdP federation.

One factor you know (data) and the other you possess, or you are (biometrics).

IdP issues both factors, identification is federated to them.

Kind of happens when you are required to supply driver's license, which technically you own and is federated id if checked in government system, but can be easily forged with knowledge factors alone.

Unfortunately banks and governments here use facial recognition for the second factor, which has big privacy concerns, and the tendency I think will be federal government as sole IdP. Non-biometric factors might have practical difficulties at scale, but fingerprint would be better than facial. It's already taken in most countries and could be easily federated. Not perfect but better than the alternatives imo.

SoftTalker 5 days ago

I'm unconvinced that biometrics are a good approach. You can't change them if a compromise is discovered.

afarah1 5 days ago

I also don't like it but it seems to be what most institutions are going for.

It's a strong factor if required in person, the problems start when accepting it remotely. But having to go to the bank seems like the past.

eptcyka 5 days ago

So what? My data will still get sold online and then agencies/businesses will take advantage of it to do differential pricing. 2fa does not solve the problem of data leaks.