Archive for the ‘Modern Life’ Category

Table Based Collaboration

Monday, January 23rd, 2012

I’ve been supporting our department wiki for many years now.  The most used feature is basic rich text, as you would expect, but the next most popular feature is tables.

Over time, I’ve identified a particular kind of collaborative function that people engage in when they are coordinating activities.  I don’t have a good name for this activity, but I’ll call it “table based collaboration”.

In some corporate cultures this is still done by sending giant Excel spreadsheets around as email attachments.  This is the main option available when collab services (like wikis) are not available or practical for all the participants.  In this model, the owner of the process owns the spreadsheet and makes the updates based on email received from the participants.

A more collaborative approach uses any form of wiki to create tables on wiki pages.  Depending on the data, it’s also possible to use a bulleted list format instead of a table, but the data itself and collaboration process is the same.  There’s a big jump in ease of use if the wiki supports rich text table editing.

I’ve tried about a half-dozen different wiki implementations of tables, and none of the rich text table editors are worth using in a production environment.  As soon as you do any kind of formatting, the entire table converts from wiki-syntax to raw html.  And after that point, the first formatting bug (that can’t be fixed by the rich text editor) becomes impossible to correct by direct-editing.

The lack of decent rich text table editing means that you need to stick with the wiki-syntax for tables, and edit them by hand.  This is workable, but forces the participants to have passable fluency in the wiki syntax and whatever foibles it has.

Another way of enacting table based collaboration is to use an actual database with a simple web interface.  We have several examples of this in my organization.  It’s generally implemented using an off-the-shelf database of some kind.  By definition, the table never needs to be joined with anything, and there’s only a single table.  If your “table based collaboration” sprouts any extra tables, then it turns into a “department web application” and it falls outside the realm of this discussion.

There is an endless supply of web application frameworks which have a simple process for creating a simple web app.  But the process of creating it still requires the owner of the process to learn the framework and generate the web app.  It also requires someone to set up and maintain the web application itself.  These solutions are not suitable for having a non-web-technical person set up a new table.

If you look at each of these mechanisms, each one has pros and cons.  Factors to look at are: 1) Does it require centralized infrastructure? 2) What are the platform/tool requirements placed on the participants?  The leader?

In the final analysis, I think something like a Google Docs spreadsheet provides a sweet spot of accessibility, formatting and overhead.  Unfortunately, it’s not appropriate for a department-level solution.  Using Google Apps for proprietary company data needs to be approved as a company-wide policy; you can’t just download it and start using it.  Approving it for use for company business is appropriate for some companies, and not for others.

What I’ve been looking for is a web-application that allows end users to define a set of columns using basic types (string, date, enumeration, etc) and provides a simple spreadsheet-like interface for adding/removing/modifying data.

I’ve been so frustrated recently that I’ve been thinking about recommending that people go back to mailing around OpenOffice spreadsheets.  Some general purpose wikis get by with less-than-ideal behavior when two people make updates at the same time. So, in some cases the collaborative aspect of the solution (like wiki tables) costs more in synchronization headaches than what it would cost to have one person do all the updates.

 

OpenOffice loses this round

Thursday, July 16th, 2009

I use spreadsheets every now and then for pretty trivial things.  Recently I’ve been using google docs spreadsheets because they were online and editable from different locations easily.  A few days ago I tried to use OpenOffice for a fairly simple sheet.  I’ve used OpenOffice on and off for years and years without ever becoming a power user.  After 30 minutes of trying to work with my very simple data, I realized I’d spent 28 minutes trying to figure out how to do basic operations that I took for granted in google spreadsheets. So here are the first few things I tried to do that were not as simple as they need to be:

1) Create a header row.

In OpenOffice, this is a “Window” option, and you find it under “Window -> Freeze”.  In google, I don’t even remember doing it, I think it just happened automatically somehow. (Addition: Even after using Window->Freeze, when sorting you still have to check the hidden box “Range contains column headers”)

2) Sort rows by the value in a chosen column.

In google docs, when you hover over a column header, you get a pull down arrow that lets you choose A-Z or Z-A. That’s all I’ve ever wanted to do.  In OpenOffice, there is a prominent A-Z icon in the toolbar which does something stupid. (Sort the selected column regardless of other data).  The sort rows feature is under “Data -> Sort” and brings up a popup to configure the sort.  More than I needed.

3) Reorder columns.

In google docs I just drag a column left or right where I want it.  In OpenOffice the only way I found was to copy the data out of the column, add a new column, and paste the data into the new column.

It would seem that spreadsheets are for manipulating tables of data, and it seems that there are many more small tables in the universe than large tables.  So why not optimize for quick and simple operations that casual users do all the time?

I guess I’ll stick with google docs for now.

Mac OS X — Dock review

Friday, May 22nd, 2009

I’ve been using Mac OS X 10.5 (Leopard) for a week or two as my main desktop environment, and I’m really liking the Dock for icons and such.  For the last 20 years, I’ve wanted a window manager that combined the quick-launch buttons with the running program icons.  I’ve finally gotten my wish.  But after using it a while, I think there are some rough edges.

Here’s my version of an overview of the Mac OS X Dock:

Icons are used to represent several kinds of objects. On the left side of the dock are objects that represent applications.  On the right side of the dock are several distinct kinds of objects. 1) The trash can, 2) folders, 3) iconified windows

Application objects represent shortcuts for starting an app, if it’s not already running.  If the app is already running, there’s a small visual indicator next to the icon, and clicking it brings up one of its windows (the main one, the last you had focus in? I’m not sure).  But the application’s windows also show up on the right hand side of the dock.  When you click on a folder icon, you get a very nice pop-out menu with icons for each object inside, very convenient!  When you click on the icon for a running app, AND that app has more than one window, you should get a pop-out menu letting you choose which window you want to select.  It seems like a no-brainer to me, it just makes the interface more consistent.  And the dock would also quit jumping around so much and jiggling left and right as you open and close windows.

I’ll keep my fingers crossed for Snow Leopard, the next version of OS X.

Twitter needs to be commoditized.

Saturday, April 25th, 2009

Twitter needs to be commoditized. What do I mean by that? I mean that the Twitter message streams need to interoperate with all my other message streams. Twitter is just a bunch of logical message streams from different people. I don’t really care if my messages are coming via twitter or RSS or IM.  Why?  I’ll tell you.

I variously use OpenSolaris, MacOS and Windows most every day, and Firefox/Thunderbird/OpenOffice is my common app platform.  So I’m using TwitterFox to keep up with twitter.  It’s very good as an entry level Twitter client, but now I’m tempted to use something I can customize a little more.  But I’ve already got daily messages coming through several other interfaces, and I don’t want another application.  All I want is access to the twitter message streams.

But wait, you say, twitter is different because you can read and respond instantaneously!  And it’s a multi-way conversation! And it’s limited to 140 characters! But is it really that different at heart from what’s come before? Thunderbird has little popup windows for new mail, and people frequently use email for nigh-instantaneous conversations.  Both IM and IRC are instantaneous and they support multi-way conversations. Why haven’t I heard more about IM and IRC gateways with Twitter? The vast majority of my IM and IRC messages are less than 140 characters, nothing new about that.

In my opinion, the defining feature of twitter is that the clients provide an all-in-one chatroom interface as the primary way of viewing the data, but you get to easily choose who’s in the chatroom.  That’s a feature that should already exist in IRC anyway, it’s just too painful to use in IRC clients.  Because twitter is frequently updated, it grabs people’s attention.  Because it grabs their attention, interactive conversations are facilitated.  So that’s the essence of Twitter: It’s a global chatroom where you subscribe to the people you want in it.  But that’s just a kind of user interface, it’s not inherent to the data feed.

Some of the people I follow on Twitter provide good technical tips and pointers. Some of them are personal friends, some post links to “cool stuff”.  Some of them post frequently, some of them post infrequently. Hmmmm, this is sounding like a breakdown of my various email-based filtered inboxes, and RSS reader tags, and my IM contact categories.

The message clients I use most these days are:

  • Cellphone SMS
  • RSS via Google Reader (I use multiple computers, remember)
  • gmail (for personal email)
  • thunderbird (for work email)
  • Pidgin (IM, multiple accounts, work and personal servers, some IRC)

So why do I need another one?  The ones with the best features for managing message streams are gmail and any RSS reader. What I’d really like is one application that can manage all those message streams for me, and cross link them.  Anyone want to write me one?

For my own purposes, it would be easiest if this application was a program that could be run as a hosted service.  That makes it easy for it to be cross platform, like Google Reader.  But I’m not supposed to access work email except from approved sources, so having an app server read my work email for me is out. For that reason a complete solution would probably need to be a client-based app.

I spend much more hands-on time reading than I do writing.  So I’m prepared to completely blow off the integrated message creation parts, I’m just talking about reading here. It can just bring up Thunderbird to send email, or bring up twitter.com to update my twitter feed. The app would need to be able to read and correlate all the message stream technologies I’ve mentioned so far, and allow me to sort and group the various message streams mixed together.  I have a “friends” folder in my work email that has a small number of social emails.  I’d like that one folder from my work IMAP to be grouped with all my personal gmail folders.  I’d like to have views based on people, so that I can see all the message streams from my buddy Ken, regardless of where they came from (IM, GMail, IMAP, Twitter, and don’t forget SMS and IRC).  I don’t need it to connect all his accounts together, I can configure that.

Some of the message streams are things I’d like to promote to “pop-up” status, so a browser add-on component that talks to the client would be nice.  (Or just use the desktop native pop-up mechanism).

I’m subscribed to a fair number of high volume email lists at work, and I filter them off into separate email inboxes.  This works ok, but I’d really rather be reading those in an RSS reader, not an email app.  The user interface is structured in a more appropriate way in RSS readers.

Oh, and don’t forget NNTP.  I don’t use any NNTP streams right now because they require yet another client.  Even using thunderbird for NNTP pulls up a completely separate UI mode in thunderbird.  I’d totally love it if thunderbird had kill-files for IMAP messages, but it doesn’t yet.  By kill-files I mean: “type K to automatically junk all future emails in this thread”.  I don’t mean:  Set up a special filter with a special window and select subject line, and copy/paste the subject line, and remember to go back and prune your old filters, and remember to apply the filter to the specific folder you’re looking at.

In my head it’s a very simple interface, you just zoom in and zoom out on your message streams.  If you zoom all the way in on one blog post, you get a stream starting with the original post, and followed by all the comments. If you zoom out, you’ll see all the posts in the blog, but none of the comments.  Zoom out again, and you see a sample of all the posts in that category of your RSS reader.  The organization is a tree, but it’s heavily cross-linked.  Message streams show up in more than one place. I can start at the top of “all work email”, then drill down to my “work/social” folder, then go sideways to all “social” streams, then drill down to a thread with Ken, then drill sideways (eg by clicking on Ken’s name) to all message streams where Ken participates, etc, etc. Nodes in the tree are automatically created according to the structure of the underlying sources, but I get to create additional nodes that combine the data from other preexisting nodes. I can also create additional nodes by creating keyword search or filters on existing nodes.

Oh well, one day when I retire I’ll get a chance to work on it.  Until then, I’ll just keep bitching.  Someone please get cracking on this.  🙂 If it works right I’d pay a lot of money for it.

OpenID starting to take off (finally)

Sunday, December 24th, 2006

I found this on del.icio.us/popular: A video showing how to use OpenID to get a portable login that you can use with many different web sites.  One password, controlled from one spot. And you can get your free login identity from multiple different web sites offering the OpenID service.  Check it out.  Back to your holiday entertainment….

Markets without Marketing

Saturday, July 22nd, 2006

Engineers can help management (though not necessarily marketing) by saying “Don’t ask how we can make money with this technology. Ask how we can make money because of it.”

I just read an article by Doc Searls at Linux Journal called Markets without Marketing. It is a really good, short, perspective on the changes that Open Source is bringing to the area of Big business and marketing.  There are good lessons here for anyone trying to make a business out of free software.

Thanks for the pointer, Simon!

Anti-help

Wednesday, May 24th, 2006

This is great. I’ve complained about vacuous GUI help before, but I was just faced with the worst example I’ve ever seen.  I almost laughed out loud when I saw it.  A file chooser comes up in this tool, and glued onto the left hand side of the file chooser is this fine specimen of useful information:


Open Local Toolbox

The folders and toolboxes in the current folder are listed, folders first; toolboxes have a .tbx suffix.

1. Change folders, if necessary.

If the toolbox file is not in the current folder, select the appropriate folder from the “Look in” pulldown menu or type in the folder path in the “Filename” field and press Return.
To move up one folder, click the “Open parent folder” button to the right of the pulldown menu.

To move to your home folder, click the “Go to home folder” button.

2. Select the toolbox file you wish to open from the list or type the name in the Filename field and press Return.

The name of the file is displayed in the Filename field and its description in the Description field.

3. Click Open.

If you were opening a local toolbox from the Console menu, the selected toolbox displays in the Console. Depending on [Preferences] settings, the selected toolbox is displayed in the Console or the Login dialog is displayed above the Console.

If you were specifying your home toolbox in the Preferences dialog, the Preferences dialog is displayed, with the selected toolbox inserted in the Location field.


Of course, the tool is completely incapable of doing anything until you point it at a “toolbox”, and the help says nothing about what toolboxes might be preinstalled on your system, or how you might create a toolbox, or how you might find a toolbox on a server.  You just have to know that part.  But in case you knew all that and didn’t know how to use a file chooser…  In that case, you’re covered.

I don’t get all the keysigning hubbub.

Sunday, February 5th, 2006

I’ve been reading about keysigning parties today, and trying to study about OpenPGP (which uses a so-called “web of trust”) and S/MIME (which uses “certificate authorities”). S/MIME is simpler to use and it’s top-down. You get an official company to vouch that your cryptographic key (your certificate actually) really belongs to someone with your name and email address. With OpenPGP, it’s other OpenPGP users who vouch for you. Keysigning parties are where you get together in person with other PGP users and sign each other’s certificates.

I’m looking at the issue from an identity point of view, and not from a security point of view.  I haven’t figured out why there’s no mention of signing each other’s certificates online.  If I know someone via email and/or IM, why can’t I run a little utility program on my computer that validates someone else using email or IM?  The cryptographic theory is that the “Jim Smith” I know over email might not actually be named “Jim Smith” in his own warm and breathing flesh. (Like I care). So in theory, I have to meet them in person.  Of course, meeting them in person doesn’t guarantee they aren’t D. B. Cooper with a fake ID. “But hey,” (the crypto-wonks say) “it’s a guarantee that your security hasn’t been compromised by a man-in-the-middle attack.”

The vast majority of us aren’t important enough for anyone to scam us in that way.  If you tell your buddy that you’re going to be out of town over the weekend, and you use an unsecured IM channel to tell them that, then it’s pretty unlikely someone is going to eavesdrop on you and use that information to rob your house.  Unless you’re Bill Gates.

So can someone explain it to me?  Wouldn’t OpenPGP be much more successful if you could trust people that you met online?  After all, you’re not vouching for their credit rating or anything, you’re just verifying they are a “real” person who answers to some specific name and email address.

Credentials and Identity (part 2)

Tuesday, January 17th, 2006

First I will apologize to Bob, for being vague about which postings I was responding to. I’ll take more specific pot-shots next time. 😉 Next, I will thank him for taking the time to give me such a thorough response to my last blog posting. I appreciate the prodding to put more thought into this stuff. Thanks Bob!

I will apologize in advance for the lack of authoritative references in the two or three places below where I actually mention facts. Take the following for what it’s worth.

Okay, after some research on the web, I agree that the dictionary definition of “identity” that is most relevant to the task at hand is what Bob quoted: “The collection of attributes by which a person or thing is generally recognized or known.”

However, I would argue that a password (for example) is NOT a part of someone’s identity. A password is used specifically to authenticate with one specific system. It’s not a basis for being “generally recognized or known”. A password is specifically a credential.

One of the things that keeps tripping me up is whether the definition of “identity” permits a person to have multiple actual “identities”.

Let’s say I log in to my online game as “beerhunter327”, and I have dozens of friends who know me only by that name. But they also know I have two kids and a labrador retriever. Is that a different “identity” than the one I use in “real life”? Is my identity at work the same as my identity at home? What if I manage to open a paypal account under the name of beerhunter327?

In one sense, my “distinguishing characteristics” are different in each different environment. They may even conflict. The color of my eyes might be different when I go out on dates from what it is when I am at home (if I use tinted contacts). If I know people who only see me in bars, do I have a different identity because they are sure that my eyes are blue instead of brown?

Biometrics, on the other hand, are harder to change arbitrarily. Of course, I would probably count a name signature as the very first biometric, and it’s not that hard to forge if you work at it.

Some credentials are physical artifacts, like driver’s licenses, and some credentials are information, like a social security number or a password. Some are physical attributes, like your face. Obviously if you bundle a set of credentials together in a physical package that’s hard to split, the artifact becomes a stronger credential. (Hence putting your picture and signature on a driver’s license)

3. I might find out enough about you to open an account in your name, and have the institution which issues legitimate credentials make one with my picture on it and give me the PIN. This is IDENTITY THEFT followed by fraud.

Okay, here’s where we diverge. I agree that you describe the commonly used meaning for “identity theft”. My nit pick is that it’s an overly inflammatory term, and shifts the attention away from the institution and onto the fraudster.

First of all it’s fraud to open an account in a name that is not yours. Regardless of whether you end up being mixed up with another person or not.

It’s not fraud or a crime to know someone else’s SSN or even their bank account number. It’s only a crime to create fraudulent accounts.

Here’s how I would describe the same process that’s in Bob’s quote.

Create a fraudulent account that you know our lame-assed defective credit bureaus will equate with some other poor slob. (Okay, I suppose my description is a little more subjective sounding.)

The reason that the legal system found it necessary to create the term “identity theft” and to prosecute these criminals with greater tenacity is because they are exploiting a huge gaping hole in the computer systems that run the American credit business. And that business is BIG business. The credit business (as implemented by the big-name credit bureaus, and with the acceptance of all the largest financial institutions) touches almost every American’s life in a serious way.

If every savings and loan goes out of business at once, the government has to bail them out. To do otherwise would be a disaster. But after the bailout you try and fix things to make sure it doesn’t happen again. Bashing on so-called identity thieves is only the first step. We have to fix the root of the problem.

One improvement would be if you could order a token card from a credit bureau and tell them not to release any information unless the request includes a one-time password generated by the token card.

The credit bureaus hold a special combination of information. There is a record for me with a combination of bank accounts and loans. They claim that this collection of data represents a single warm breathing body. That collection of data represents a credential. It’s just like a driver’s license that binds multiple pieces of information into one joint unit. Unfortunately it’s a credential that’s not visible to me, or controllable by me without serious hassle.

The Social Security Administration is also responsible for part of your identity, but fortunately that small piece doesn’t change. They assign it once, and then the individual is responsible for who gets the information. (Unlike credit bureaus)

Suppose someone gets a credit card with my name on it, and attached to my credit credential, but with his picture. Bob describes this as a “legitimate” credential. It’s “official” in the sense that it was created by the same physical process that creates “real” credit cards, and the computer process used to create the account was not compromised. That doesn’t make it “legitimate” in my mind.

Of course, the practical consideration is that nobody can tell that it’s illegitimate from looking at the physical card. The physical card is a true representation of an illegitimate account.

The fact that this account is confused with other accounts held by someone else is the fault of the computer systems, and the weak credentials used by the financial institutions.

It could be addressed by asking for stronger credentials when opening new accounts, or it could be addressed by attaching stronger credentials to the joint credential held by the credit bureau.

there is nothing you can show the authorities which definitively proves that you are you and everyone else is not. (even DNA doesn’t do this for a small but important percentage of the population …

I’m not sure anyone needs to know what or who my physical body is. If there is a group of credit accounts associated together in the mind of a credit bureau somewhere, it only matters that all those accounts came from the same logical entity, be they human, artificial intelligence, drug lord, or mutated gorilla. The credit bureau’s job is to make sure the entity behind any of the accounts in a group will continue to act in a consistent manner. They are not the meatspace patrol.

If I want to create two online identities and establish two different credit ratings, I should be allowed to do that. (In a perfect, online world.) Of course, the FBI will claim that makes it harder for them to track down the warm-and-breathing body. I’m not claiming you have to be anonymous, I’m just saying that I don’t think uniqueness has to be important to the problem of identity.

Uniqueness makes it easier to deal with fraud. (One identity per person please!). But it makes it harder to deal with data hiding. If I can easily and portably create two identities, I can use one for banking, and a completely different but official identity for casual chatting. My chatting identity can be known by thousands of people, but has no bank or finance information associated with it, so “stealing” that identity will do only minor harm.

you seem to have the theory that government is better at reducing identity risks than business. I think the opposite is true – businesses will very effectively control fraud when they are responsible for paying for it. It wasn’t the banks who decided to use Social Security Numbers for identification; it was the Federal government.

I think that when multiple businesses end up in a situation where they have to cooperate for the good of themselves and the consumer, they seem to be unable to do it. (On a completely different tangent, I look at the CD+/-RW and the DVD+/-RW wars as a demonstration of this). There is no way that banks and credit bureaus are going to agree on significant improvements in the credential infrastructure. There is too much infighting, and every computerized “authentication system” is being hyped by the special interests that have a financial stake in its success.

In the end I think the government ends up stepping in in these cases. I expect that once we have a few examples in the wild, of good strong credential systems, that the government will start to look at mandating one or more of them.

The credit bureaus were doing a TRAGIC job of following up on fraud, until the government required them to give more access to individual consumers.

In general I’m not a fan of government intervention, but I think large businesses can get into a “deadly embrace” of conflicting values, and sometimes need to be given a kick in the pants to get things unstuck.

Also, I think the feds created the SSN, and at the time (I heard, but I didn’t verify this) the feds said that the number would not be used as a global ID number, it would only be used for the administration of social security. Of course it was probably only two minutes before every large institution was using it as a convenient “global” ID number. The feds require banks to associate SSN’s with bank accounts (for tax purposes). The feds don’t require the banks to use this information as an authentication credential.

Hmmm….. Well if anyone got to the end of this, congratulations. I hope it wasn’t too boring.

Credential Theft

Sunday, January 15th, 2006

I’ve always been interested in on-line social mechanisms, and identity mechanisms are crucial to developing a ubiquitous on-line community. I’ve been reading blogs by some Identity Pundits, and a thought occurred to me just now. (The guys I’m talking about are: Bob Blakely and Kim Cameron) These guys take an approach that a lot of tech thinkers do. They look at technology that’s out there today, or being developed, and try to extrapolate how it will affect society, or how it should affect society. It would be better to approach things from the other way around.

Here is an example. These guys discuss things like identity theft and the Laws of Identity. They often wax philosophical about how society and hence software should deal with related social issues. From an English language point of view I have a bone to pick here. The whole “online identity” notion would be better called “online credentials”.

According to webster.com, Identity : (2a) the distinguishing character or personality of an individual (2b) the relation established by psychological identification. This is clearly talking about things that live inside a person’s head.

Credential: something that gives a title to credit or confidence. Clearly talking about an artifact. A something. The only hazy part is that you have to understand that in this case (identity theft), the artifacts that often get stolen are information. Like social security number, bank account number, etc. Those are information artifacts. They are somethings.

Your social security number is NOT part of your identity, in any stretch of the term “identity”. Your social security number is a piece of information that CORPORATIONS use as a credential. You call someone on the phone, you give them a social security number, and they assume that you are the person whom that social security number was assigned to.

So identity is identity and credentials are credentials. There’s no reason to wax philosophical about the true nature of identity when we’re discussing new kinds of computerized credentials. There’s no point.

Begin rant…

Modern so-called “identity theft” is more accurately called “fraud”, plain and simple. The problem is not that a brand new evil practice (“identity theft”) has become rampant. The problem is that consumer databases have become massively more connected, and the corporations that interface with those databases are still using the credential systems that they used 20 years ago.

Actually, you could say that corporations (bank, insurance companies etc) are using weaker credentials than they used to. Signatures and bank visits used to be required in many cases. These days, (to lower costs) computers and phone trees are doing the same work, and you can’t give a handwritten signature over the phone or internet.

We don’t need to invent anything to solve the problem of identity theft. All we need to do is hold corporations accountable for fraud that they fail to prevent.

Cracking down on identity thieves is politically easier to do, since they are obviously the “bad guy”. But from an enforcement point of view, it will never be effective in the long run. Desperate people will do stupid things for money no matter how severe you make the penalty.

Cracking down on corporations is harder to do because corporations donate millions to political parties and candidates and Political Action Committees, etc, etc. And the most guilty corporations are the largest ones. Banks, insurance companies, government departments, etc.

From a global point of view (considering all social costs) the most effective way to reduce this kind of fraud is to place legal requirements on the kinds of credentials that can be used for significant financial transactions. The government could require corporations to use stronger credentials (like a token card, or calling from your home phone with ID enabled, or using a pass-phrase, or reading a number that was mailed or emailed to them …). None of these is a perfect solution, and the better ones are a bigger hassle.

Some services, departments, or corporations are worse than others. The weakest links in the chain become the most common point of entry for identity fraud. First a criminal gets a sears card in your name, then they use that to get a mastercard, etc, etc. If we tightened the credentials in the worst places, that would be the best way to cut down on identity fraud.