Me: Holy crap. Thank you so much for answering. I've been trying to call for days.
Operator: You're welcome. I'm going to need some information to verify it's you. What's your <phone number that you lost and forgot>?
Me: ...
I never did find my phone number in time. So I wondered if there was a better way to authenticate people over the phone.
If I can log in to my online social security account, why can't the phone operator send a 2fa push notification onto my account? It would be much quicker to relay the 2fa numbers that popped up on my screen to verify that I have access.
I think this is more secure than verifying personal information over the phone because no sensitive information is transmitted over your insecure call, just a temporary 2fa number.
Furthermore, since this account contains the most sensitive information, most people take more steps to protect it by using longer passwords and gating access to it with an authenticator app or a YubiKey (This OTP device significantly reduced account takeovers at Google).
Of course, not everyone may have the option to use this verification method, so existing authentication methods should still be in place, but I hope to see more banks and government services use this approach.
Anyway, I hope you're doing well. If things are a bit lonely and you're looking for a friend to talk to, I am as well, and we should definitely take some time to chat. Have a lovely week!
- Curtis