I talk a lot about the security problems and weaknesses of the internet, as well as the devices connected to it. It's all true, and we badly need improvements. Yet the irony is that security in our online world is actually better than in our physical world.

Think of how many people are scammed by someone phoning to say their computer is infected and needs repair. As InfoWorld's Fahmida Rashid recently chronicled, they typically say they're with Microsoft or a Microsoft partner, and your computer is infected and needs fixing immediately. Unfortunately, millions of people fall for this scam and end up installing malicious software on their system. They sometimes even pay for the privilege, compromising their credit card numbers in the process.

The problem is there's no easy way in the real world to quickly and easily prove these phone solicitors are fake or legit. In the digital world, all the major browser and email manufacturers spend a significant part of their coding to detect pretenders. My browser URL bar turns green in approval when I visit a legitimate website protected by an Extended Validation digital certificate. That means I can trust it.

There's nothing like that in the physical world. In the case of the fake Microsoft repair company, the best case I can hope for is to independently call the right Microsoft phone number and ask for verification.

Any of Microsoft's trained responders will readily and quickly tell you that you're being scammed -- mainly because Microsoft doesn't proactively call people to tell them their computer is infected. But unless you know the phone number (800-426-9400) or the Microsoft website, or you enter the right words in an internet search engine, it's going to take time and possibly a bunch of calls to get an answer.

That's not Microsoft's fault. It's a huge, global company with tons of locations and products.
It has blogged about Microsoft phone scams dozens of times over the years, and it does advertise the right numbers and places to call for such inquiries. However, not everyone has heard of the scams or knows where to go when they have a question, so it takes effort. Contrast that with looking at a green URL bar in one second.

A few times I've been called, out of the blue, by a company I'm already affiliated with, with offers I'd normally be interested in -- say, faster internet for less per month. It sounds great, and the company is ready to sign me up, but then asks for my "account password." I ask the representative to tell me the account password on file, and I'll verify it, but he or she says it doesn't work that way. Thus, I hang up. If I try to call back in on the general, advertised phone number and get the same deal, it takes me an hour or I can't find that call center at all.

My bank recently did the same. It was proactively calling to report that my debit card had been compromised. My bank had never called me before. How would I know that this complete stranger on the phone is who they say they are?

Brian Krebs recently related a story in which digital scammers claiming to be from Google called someone who used a two-factor-enabled Gmail account and asked the user to tell them the code sent to the victim's phone (via SMS) to verify the account. Luckily, the victim was suspicious and brought in her security-minded dad, and they didn't give up the code.

But it got me thinking. In this particular instance, two-factor digital authentication was the strongest part of the authentication chain. The phone call was the weak link and not easily verifiable. The National Institute of Standards and Technology (NIST) now advises that SMS-sent two-factor authentications aren't to be trusted, or at least not as trusted as we once thought them to be.
But to be honest, most of the problems with two-factor authentication using SMS verification apply to the phone, not the computer.

We need a system that allows phone calls to be quickly and accurately verified. I want EV certificates for the physical world! I want multiple defensive software programs that investigate my incoming calls and alert me if something seems risky. Today most of those calls come in over cellphones. I have to think a centralized phone number repository and a local phone app could solve much of the problem. Heck, we'd easily be able to kill unsolicited junk calls at the same time.

The online world is nowhere near perfectly secure. But I'm quickly starting to realize that, though insecure, the digital world is often in better shape than the physical world. How about that irony?