Very surprised, suddenly a 12306 booking information sent over the name XXX, but I do not know, first of all is to guess their legitimate mobile phone number identity theft, and later was a legacy of the immediate past owner did not unbundle this phone number.
Wanted to use the phone verification codes 12306 through the official website or forgotten password way to see who is up to no good, I did not expect and can not forget the login password can not log in directly through the phone code, you must enter the number of documents directly through the phone verification code . So only by calling 12306 after artificial customer service, successfully unbundling XXX, and bind after a personal capacity, customer service said it was not the owner took office phone number updates due, after not receive such information.
And this experience makes me think of the site on the Internet like a phone number that is everything, and be able to enter the correct code it means that this person is a person (of course, this is true in many cases). If this is my design of the system, the next owner will not be free to log in and view any information system, then let? First, by binding the current mobile phone number identity, but later changed the phone number and no unbundling current phone number, or forget to have registered on this site. Then the next owner in the case could have this number can be modified by direct verification code or password to log verification code, the information on the owner's term will be a glance, I think also quite reasonable, but also scared.
So, I thought for a moment, 12306 approach is not just a better arrangement? Yes, opposite, this approach compared directly by determining codes is good practice. One more step to force the real-name registration forgotten password and then enter the identification number verification is indeed more than a layer of protection, it is absolutely safe? Can not be too absolute, misunderstandings, surrounded by relatives and friends 99.99% will not harm you, it can not guarantee that 0.01% will not?
Also, the fingerprint certification is now popular, I do not know the phone will not lose the case, was illegally collected by the screen fingerprint and fingerprint verification, it is difficult to say, I do not know. .
It seems personal identity security work still has a long way to go.