'Why the Heck Are SSNs Still Treated as Passwords in the US?'
Published on April 30, 2022 at 02:15AM
Haje Jan Kamps, writing for TechCrunch: A couple of weeks ago yet another of my friends was a victim of identity theft, and I got yet another deep look into how fantastically broken the U.S. can be when it comes to security. "They have my social security number," she said, and I was reminded of how a lot of systems in the U.S. are woefully poorly designed. To wit: This morning I called my bank and was asked for the last four digits of my SSN and they somehow accepted my identity because I knew those four digits. When I moved to the U.S. a couple of years ago, my friends made sure that I knew I had to keep my Social Security number (SSN) secret and hidden. When I started opening a bank account and set up a cell phone plan, it became obvious why: All sorts of institutions that really should know better are treating this string of numbers as a password. There's a huge, glaring problem with that. I maintain that Equifax should receive the corporate equivalent of capital punishment for allowing this to happen, but 145 million social security numbers were stolen by hackers a few years ago, which means that the Social Security numbers -- yes, the same numbers that are being treated as "passwords" -- for about half the U.S. adult population are in the wind. We've gotten used to passwords by now, but at least, in most cases, passwords can be changed when they are hacked. Your social security number? Not so much. If your SSN leaks just once, you're boned. It's not possible to change it, and that brings up the true depth of idiocy in all of this: Relying on security that depends on keeping an unchangeable piece of information secret is really bloody stupid. The corollary is this: Imagine that your email has been hacked but your email provider tells you that you can't change your password, you can't change your email provider, and you'll just have to deal with it. That's the situation we currently have with Social Security numbers.
Read more of this story at Slashdot.