
Well, there's an unpleasant reminder of why knowledge-based authentication should never be based on something immutable.

How many services do all of us use that accept name/birthdate/SSN as identification? How many other services, like phone companies, claim not to but would still yield for someone who sounded earnest and knew all of that?

And what can the leak victims possibly do? TFA is great where you can get it, but it's not universal, and none of this information can be refreshed.


