
So you force your parents/kids/aunts/etc to give you a one time code every time they want to talk to you?

That seems extremely clunky and impersonal and I couldn’t imagine anyone in my family willingly agreeing to do it.




You're missing the point.

If somebody deepfakes someone in your network, it will most likely be for scamming / monetary purposes. (I don't care much about being pranked)

So you don't need to verify identity for a casual chat with a friend or family member.

On the other hand, here is a real situation that happened 3 days ago.

I get an instant message from my COO Nirina: the bank website says she needs a new auth code to be able to enter new wire payments for me to sign and pay the team. She provides me with the link the bank has referred her to; a URL the bank says I need to access (with my higher privileges) to generate a new auth code for her.

First of all,

- Whoever the source is, there is no way I'm clicking that link. If I'm going to do anything about bank access codes, I'll log in by manually typing the URL and I'll navigate the website myself.

Second,

- I would trust Nirina with my life. But should I trust that the person sending me that link is Nirina? I mean, if you got hold of her laptop on a business day, it wouldn't take you more than a couple minutes of snooping around to figure out that she's messaging back and forth with the company's CEO and herein lies opportunity.

So how do I check it's her?

- I could call her (and fall for a deepfake)

- I could ask for something "only she would know" (and risk the chance that the answer can be guessed, or can be found somewhere in our several-years-long messaging history or on our 10-year-old online Drive)

- or... I could say "what's the code that proves this is from Nirina?" and wait for her to send me an OTP code matching mine.

Obviously I am not doing that every time someone from my team sends me a message.

Oh and by the way, I put this in place the day after someone tried to get access to our Meta Business account by impersonating someone on a Zoom call with me... it's not paranoia if they're after you!
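
The "OTP code matching mine" check from the comment above, as an added example (not code from the thread or from any commenter): both people hold the same secret, exchanged in person, and the challenger compares the code they receive with their own RFC 6238 TOTP. The function names, the one-step drift window and the sample secret (the RFC 6238 test key) are assumptions.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed sample secret: the RFC 6238 test key, Base32-encoded. Never reuse it.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify_peer_code(secret_b32, received, now=None, drift_steps=1, step=30):
    """Return True if `received` matches our own code within the drift window."""
    now = time.time() if now is None else now
    candidate = "".join(received.split()).encode()  # tolerate "287 082"
    ok = False
    for k in range(-drift_steps, drift_steps + 1):
        at = max(now + k * step, 0)  # never ask for a negative counter
        expected = totp(secret_b32, at, step).encode()
        # Constant-time compare, no early exit, so timing does not leak a match.
        ok |= hmac.compare_digest(expected, candidate)
    return ok


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET, time.time())
    print("peer sends:", code, "-> accepted:", verify_peer_code(SAMPLE_SECRET, code))
```

The check is only as strong as the enrolment: a secret shared over the same chat channel being verified proves nothing about who is on the other end.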


I mean, not every time, but if someone is asking for money because they're in the hospital/jail/something, it seems prudent to have some sort of system set up these days.

You can't plan on everybody never having something come up.



