ID.me question

IBMJunkman

Senior member
May 7, 2015
760
270
136
Had to create an account to access the IRS. Just got an email extolling the virtues of ID.me which mentions many of the sites I can use it with.

Which leads me to my question. Does this not fly in the face of the idea that you use unique passwords for each account? One password and the 2FA challenge gets me into IRS, SS, Veterans Affairs and various State agencies.

Does not seem that smart. Am I wrong?
 

mindless1

Diamond Member
Aug 11, 2001
8,422
1,590
126
Well there is the 2FA...


I started using it to get the Lowes and Home Depot, 10% military discount.
 
Last edited:

Steltek

Diamond Member
Mar 29, 2001
3,277
1,027
136
Had to create an account to access the IRS. Just got an email extolling the virtues of ID.me which mentions many of the sites I can use it with.

Which leads me to my question. Does this not fly in the face of the idea that you use unique passwords for each account? One password and the 2FA challenge gets me into IRS, SS, Veterans Affairs and various State agencies.

Does not seem that smart. Am I wrong?

None of the available options seem to be either safe or smart anymore. We are only protected due to sheer numbers, so the chance is exceedingly small that you will be targeted by someone to hack.

BTW, you also have to upload a picture of your ID in order to establish the account with ID.me.

Something I'm just absolutely loath to give to a privately or publicly held corporation, given the complete lack of legal liability and accountability any corporations seem to have these days for the data they hold whenever they (inevitably) get hacked.
 

Steltek

Diamond Member
Mar 29, 2001
3,277
1,027
136
Login.gov has now started requesting copies of IDs to access certain government websites, as I found while assisting my mother with her federal health insurance open season this year.

So, in the end, it won't matter whether you want to do it or not. The government is going to force the issue.
 

mindless1

Diamond Member
Aug 11, 2001
8,422
1,590
126
None of the available options seem to be either safe or smart anymore. We are only protected due to sheer numbers, so the chance is exceedingly small that you will be targeted by someone to hack.

BTW, you also have to upload a picture of your ID in order to establish the account with ID.me.

Something I'm just absolutely loath to give to a privately or publicly held corporation, given the complete lack of legal liability and accountability any corporations seem to have these days for the data they hold whenever they (inevitably) get hacked.
Not sure that I agree. You upload a picture, but that could only be for verification purposes by a human, then that doesn't necessarily mean the pic persists. Maybe it does, I really don't know but I don't think that a pic of an ID card is enough for a compromise since even a car dealership can make a scan of your ID if you want to take a test drive.

Similar for other info, some more responsible sites don't store this info, just use it for initial verification, and even passwords are encrypted with hash that isn't backwards engineerable.

I do agree about lack of accountability, being unfair, but this is the modern life we live in. Personally, I am the reverse, that I am annoyed by 2FA and don't want to use phone/email/etc to do what I've always done in the past without that. I don't otherwise engage in dodgy connections so I'm forced to have this extra burden for those that do.