The IRS is paying Equifax millions for a login system that's been hacked twice

> The system, known as Knowledge-Based Authentication, or KBA, asks questions based on a person’s credit history, such as “On which of the following streets have you lived?” or “What is your total scheduled monthly mortgage payment?”

So it authenticates you based on facts that can’t be changed, and are either publicly-available knowledge or easily discoverable with some lite social engineering?

Boggles the mind.