
Sure, but you're not spending all day running customer service "DoS attacks" against people's bank accounts. Even if "it's gibberish, and I forgot it, can't you please help me out" only works one time out of a thousand, do you really want to bet your bank balance on a weak link customer service rep who's just a tad too eager to help?



I think it’s all debatable. That human will always be a weak link. It just takes one representative to forget to ask or get convinced with “oh it’s my wife’s mother’s maiden name and my wife isn’t here and I’m in a real bind”.

But in exchange, my security answers are no longer compromisable online. I think overall it’s a positive trade-off, but that’s just my hunch.


Well, for sure it's better than using your mother's actual maiden name. But I'd rather see security questions done away with altogether.


I agree, I think they’re a real problem. I think it’s possible to eliminate human error over the phone too. Perhaps design a system that doesn’t let the representative into your account until they type in the 2FA token your phone provides or something (I don’t really know, I’m far from a security expert).



