The hard part isn't storing it, the hard part is updating it. What do you do when the automated process fails due to a corner case, like your angry ex using your phone to reset your credentials? The government solution might be annoying or time consuming, but the private sector answer is "Go fuck yourself."
Exactly. A government system providing the last line of authentication defense would be ideal. A single point of access where you can say "my credentials have been compromised, please shut down those credentials and help me create new ones", and where businesses can check "hey, is this person linked to a real account? Can I get a hash to confirm that the account is unique?"
The government solution is the one that enables identity theft. Right now that means taking out credit in someone else's name etc., and we put the cost of that on some large organization or insurance company and just eat it.
Start using that identity mechanism for everything and that vulnerability spreads to everything. Someone compromises your ID and then starts trying it against every service on the internet. They get your bank and retirement savings and drain your accounts, ransomware all your files and your employer's files, read through your messages on every platform to find something to blackmail you with so you don't go to the police, sign into your router and use your IP address for criminal activity etc.
I'd much rather be told to go fuck myself by one service than have my life wrecked because a low-level bureaucrat issued someone else a universal ID in my name.
> The government solution is the one that enables identity theft. Right now that means taking out credit in someone else's name etc., and we put the cost of that on some large organization or insurance company and just eat it.
How do you get back a compromised Google or Facebook or Twitter account?
If your former spouse changes your password on Google and is able to answer every security question you've set up just as well as you can... what can you do about it?
On the other hand, when the change of address form at the post office goes in you can walk into the post office and say "this is my government issued ID and I still live at this location. Change my address back to my proper residence and put a hold on future address changes for that address without verification."
> How do you get back a compromised Google or Facebook or Twitter account?
If you had 16 followers, create a new one. If you had 16M, you get on the front page of HN etc. and they fix it.
> If your former spouse changes your password on Google and is able to answer every security question you've set up just as well as you can... what can you do about it?
Have them prosecuted for fraud so they have to change it back. You don't need centralized identity for that.
> On the other hand, when the change of address form at the post office goes in you can walk into the post office and say "this is my government issued ID and I still live at this location. Change my address back to my proper residence and put a hold on future address changes for that address without verification."
So instead your ex files the ID renewal form with an "updated" picture of their friend instead of you, has the new ID sent to your old address (i.e. their address), and then prevents you from filing a change of address form or getting a new ID.
You can't rely on either, not for auth, not if you want to actually own it. People fall through the cracks everywhere, so there shouldn't be any cracks to fall through.