It appears that Facebook is expanding their use of requiring users to send them a picture of a Government issued ID in order to unlock their accounts.
In other words, anybody with Photoshop (probably just Paint) can convince Facebook that they're who they say that are.
Really?
http://idealab.talkingpointsmemo.com/2013/01/instagram-asking-for-users-government-issued-photo-ids-now-too.php
If you can't authenticate a user - just admit so and move on. Don't engage in security theater and force legitimate users to place their own PII at risk (cause you know that some users will not sanitize the picture before emailing it in.)
No comments:
Post a Comment