Luckily the world is mostly full of ‘white hats’ as the term is used.
In a day-to-day, data-form-driven world, the sweet spot of rigorous authentication while allowing people to forget passwords doesn’t really take into account the ‘systemic’ risk of standardizing authentication questions and other unique ways to identify you, it seems. It is a bit like talking to dad before asking mom for candy.
Some form of multipoint authentication using an RSA code keychain + phone has to be a better way. Just using SIN, for example: it is a number that is floated about in many of your applications, yet it is supposed to be private data as well… A paradox.
There are clearly a bunch of ways to poach data in this world. I do hope we find a great way to solve for this before a big data tsunami ‘event’ hits.