Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
ryandrake 2 hours ago

> in order to identify me

We should stop accepting this ridiculous excuse. Our phone numbers are not identifiers. How does me telling a bank "My phone number is 123-456-7890" give them any assurance whatsoever that I am the person whose name will be printed on a loan document?

kleiba 2 hours ago | parent | next [-]

Well, my case is the best proof of that: the phone number I ended up using was my mom's.

It's most definitely baloney because I also had to provide ID. So, certainly there is no way I could identify myself "even more" by giving them a phone number than by giving them a government issued ID.

guidedlight 2 hours ago | parent | prev | next [-]

> Our phone numbers are not identifiers.

I think you missed the point. The process creates an identifier, by strongly associating you with the phone number.

This association allows the bank to quickly establish your identity later when you call up or use online services.

ryandrake 2 hours ago | parent [-]

As the sibling commenter pointed out, in their case, it totally failed to create a meaningful identifier, because he used some other person's phone to get past the ridiculous gate.

bradlys 33 minutes ago | parent [-]

It’s not ridiculous. It’s for you to verify. It’s setting up 2FA. How can you not understand that?

ryandrake 23 minutes ago | parent [-]

2FA presumes user-ownership of the second factor, and that possession of the second factor authenticates that the possessor is the account owner. It's ridiculous because in the OP's case, he literally had someone else temporarily hand him the second factor in front of the clerk: the 2FA didn't really authenticate anything, and the clerk could even see that.

mindslight 2 hours ago | parent | prev [-]

It's not necessarily just for the 2FA snakeoil. The worst places snap on a glove and proctologize your network identity metadata (spilled by all the underlying carriers, IIUC), and sometimes even billing records with your name and address (more vulnerable if you're still on a postpaid). The US desperately needs a port of the EU's GDPR, for starters.