Hacker News

How would this work? If this was possible, that would mean an Apple employee is verifying the ID. This has failure modes. See SIM swapping attacks.



There's a wide set of possible approaches between "let any employee validate any ID" and "never let someone into an account that they have lost the credential to."

E.g. you could make it costly to attempt, require a notarized proof of identity -and- showing up at the Apple store, and enforce an n-day waiting period. A different employee does the unlock (from a customer service queue) than accepts the paperwork.

We don't lock people out of financial accounts forever when they forget a credential. It could definitely be solved for other types of accounts.


Aren't SIM swapping attacks only such a problem because you can get a new SIM without showing up in person with ID?


No, they're also a problem because you can run into a storefront and snatch the employee's authenticated tablet, regardless of what company policy is.



