
Undoubtedly Equifax will claim that the hackers were agents of a sovereign power, to escape liability. Regardless, they admitted on their own web page that there was a flaw in their web application.

Biometrics would be a terrible idea. Mass surveillance, anyone?




> Biometrics would be a terrible idea. Mass surveillance, anyone?

What if the biometrics were stored on something you have - say a smartcard (definitely not a phone!)? Along with a PIN. Plus, these two items went into a "write only" store on the card (actually, a hashed value of both is stored).

You have a card reader (one at home - and any place you are doing a transaction to confirm identity also has one). You put in your card. Type your PIN. Present your (physical) biometric.

The reader takes the data, passes it to the card (or maybe the card has the reader and PIN pad?). The card runs the hashing again, and compares the values. If all is good, it outputs a "Yes", otherwise a "No".

Remember, only the card holds the data (a hashed version) of the biometric and the PIN. That can only be written (you can do this with your terminal at home?). The only output the card has is that "yes/no" value.

All transactions of such nature would be done with this card.

I'm probably missing some steps or such - but the idea is there. That gives a 3-factor authentication system.

Don't expect it to ever be implemented.
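A minimal software model of the card described in the comment above, added here as an illustration and not code from the thread. The class name, the PBKDF2 parameters, the three-try lockout and the premise that the reader yields a byte-identical biometric template on every scan are all assumptions; real sensors give noisy readings, so an exact hash match would need a fuzzy extractor or on-card template matching.

```python
import hashlib
import hmac
import os


class MatchOnCard:
    """Hypothetical card model: secrets are written once, only yes/no comes out."""

    MAX_TRIES = 3  # assumed lockout threshold, limits PIN guessing through the reader

    def __init__(self):
        self._salt = None
        self._digest = None
        self._tries_left = self.MAX_TRIES

    @staticmethod
    def _derive(salt, pin, template):
        # Length-prefix the PIN so bytes cannot shift between PIN and template.
        pin_bytes = pin.encode()
        material = len(pin_bytes).to_bytes(2, "big") + pin_bytes + template
        return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000)

    def enroll(self, pin, template):
        # "Write only": enrollment succeeds once and nothing ever reads it back.
        if self._digest is not None:
            raise PermissionError("card already enrolled")
        self._salt = os.urandom(16)
        self._digest = self._derive(self._salt, pin, template)

    def verify(self, pin, template):
        # The only output is a boolean; a locked or blank card always says no.
        if self._digest is None or self._tries_left == 0:
            return False
        candidate = self._derive(self._salt, pin, template)
        ok = hmac.compare_digest(candidate, self._digest)  # constant-time compare
        self._tries_left = self.MAX_TRIES if ok else self._tries_left - 1
        return ok

    @property
    def locked(self):
        return self._tries_left == 0


def demo():
    card = MatchOnCard()
    template = bytes.fromhex("a1b2c3d4e5f60718")  # constructed sample template
    card.enroll("4921", template)
    results = [card.verify("4921", template)]
    results += [card.verify("0000", template) for _ in range(3)]  # locks the card
    results.append(card.verify("4921", template))  # correct PIN, but locked
    return results, card.locked
```

The retry counter matters because a short PIN has little entropy: the hash is only safe from guessing as long as it cannot be read off the card and attempts through the reader are limited.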


I was not aware the citizenship of the hackers had any bearing on Equifax's liability in this case.


If it's a foreign government, it's considered an "act of god" (i.e. something out of their control), which releases a lot of liability.


To me, if you store passwords in plaintext, it is criminal negligence even if God himself did the hack.


Force Majeure



