undefined | Better HN

0 points9x396mo ago0 comments

When a credential is stolen, its validity across multiple unrelated services is often checked by credential stuffing. That's just one type of simple attack.

Has cybercrime been rendered obsolete with a government credential? Why is this master account immune to theft? On the contrary, it appears to be a credential that once stolen, could be more impactful than having your primary email account and phone compromised.

It's reasonable to be concerned even just from an infosec perspective.

0 comments

kelseyfrog6mo ago

Is this a _could_ happen or _has_ happened type problem?

I'm trying to understand if it is speculative or if we have a base-rate for occurrence.

crazygringo6mo ago

What master account are you even talking about? That's not what this is.

The subject was a system being breached.

And the account you set up for a driver's license is generally different from the one for your health care. If you're reusing the same password for both it doesn't matter if they're linked by the same digital ID number or the same email address or just the same name and birthday.

A digital ID number isn't changing anything here.

9x39OP6mo ago

In the UK's own post linked below (also in the OP), they describe what's more than a digital ID number. It's credentials. Which humans are bad at handling. And there are always implementation flaws, because we're humans.

https://www.gov.uk/government/news/new-digital-id-scheme-to-...

crazygringo6mo ago

I think you're misunderstanding the article. When it says:

> Digital credentials will be stored directly on people’s own device

This is a credential you show. It's visual. It's not a login password.

j / k navigate · click thread line to collapse

0 points9x396mo ago0 comments

When a credential is stolen, its validity across multiple unrelated services is often checked by credential stuffing. That's just one type of simple attack.

It's reasonable to be concerned even just from an infosec perspective.

0 comments

kelseyfrog6mo ago

Is this a _could_ happen or _has_ happened type problem?

I'm trying to understand if it is speculative or if we have a base-rate for occurrence.

crazygringo6mo ago

What master account are you even talking about? That's not what this is.

The subject was a system being breached.

A digital ID number isn't changing anything here.

9x39OP6mo ago

https://www.gov.uk/government/news/new-digital-id-scheme-to-...

crazygringo6mo ago

I think you're misunderstanding the article. When it says:

> Digital credentials will be stored directly on people’s own device

This is a credential you show. It's visual. It's not a login password.

j / k navigate · click thread line to collapse