Educause Security Discussion mailing list archives

Re: Bare Social Social Security Numbers


From: "Pullman, Nick" <nick.pullman () CITIGROUP COM>
Date: Tue, 28 Mar 2006 16:20:07 -0500

I agree that the use of an identifier as authentication is flawed, but unfortunately what other solution is there?  
Biometrics are not anywhere near mature enough for a large-scale implementation, and even if they were, how do you 
"register" individuals if the other forms of authentication are not reliable; i.e. SSN?

-----Original Message-----
From: Kevin Shalla [mailto:kshalla () UIC EDU]
Sent: Tuesday, March 28, 2006 1:51 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Bare Social Social Security Numbers

This sounds like the perfect solution.  I think it's only a matter of
time before the use of an identifier as authentication becomes
ridiculous not only to security people, but also to financial institutions.

At 11:52 AM 3/28/2006, Gary Flynn wrote:
I vote we make all SSN and names public knowledge so they'll
be worthless as a basis on which to make a decision. Then,
when companies, governments, and organizations can no longer
use them as authenticators, they become worthless. ;)
