Hacker News

rawgabbit yesterday at 4:25 PM

It seems to me we must move away from worrying about ransomware, data breach, data protection as that ship has already sailed and everyone's PII has already been stolen. We should think of how to verify people's identities online (for things like government benefits etc). I have heard of the Dutch and the Japanese using national digital identity systems although I am unclear how they work. India is doing biometrics. I am curious what the US will eventually land on.


Replies

afarah1 yesterday at 4:36 PM

Biometrics is just something else to get leaked, terrible idea because it's even more sensitive (can be used to track you through cameras for example, like used in the Iran war).

This problem has long been solved with federated IdPs and MFA - something you own like OTP device/physical token besides something you know like SSN/tax id/password.

Most governments prefer biometrics of course because citizen privacy is the opposite of what they want.

deltoidmaximus yesterday at 4:39 PM

Based on how things are, I feel like the US solution is just going to end up with me requiring a retinal scan to buy pants from Target online and then that scan will end up on the dark web along with my voice print and a scan of my driver's license.

bdashdash yesterday at 7:08 PM

In the Netherlands, there's a single ID you use for all official government services. It's essentially username/password with MFA, issued by the government. What is neat is you can scan your passport's NFC chip with your smartphone as a means to verify your identity through this system.

Not sure how it solves any of the data breach issues, though.

sofixa yesterday at 5:08 PM

> We should think of how to verify people's identities online

France already has that, in multiple ways.

There is the France Connect SSO, which is kind of a federated SSO. You need at least one account which is physically proven (it could be with the Post Office which sends you a letter with a code to confirm your address and identity / ask you to physically come to a post office for an ID inspection; the tax authority where there are also multiple physical verification hoops, the social security system, same), and can use that via the SSO to authenticate to all government services.

Separately, there is an app proposed that scans your physical ID's NFC chip with your biometrics, compares that to a selfie you take, and uses that identity to authenticate you to stuff.

tomjen3 yesterday at 5:14 PM

I can make a new password, hard to get a new eyeball.

nip yesterday at 6:08 PM

[dead]