Identity Theft, Impersonation or Weak Authentication?

Although Identity Theft has entered the lexicon, it is just sloppy journalism. Nobody is stealing the identity of another person, what they are doing is stealing identifying information about other people. This then becomes a problem because all too many companies, organizations and systems use identifying information as an authentication token.

  • Ever seen a library system that uses the last four digits of your phone number as your password?
  • Have banks finally stopped asking for Mother’s Maiden Name?

The problem is that Weak Authentication has become the default for too many companies, organizations and systems, and our legal systems have not put the onus of fixing this in the right place.

Why is it suddenly the victim’s problem when a bad actor takes out a loan in the victim’s name?