Educause Security Discussion mailing list archives
Re: Bare Social Social Security Numbers
From: scott hollatz <shollatz () D UMN EDU>
Date: Tue, 28 Mar 2006 15:41:13 -0600
I agree that the use of an identifier as authentication is flawed, but unfortunately what other solution is there? Biometrics are not anywhere near mature enough for a large-scale implementation, and even if they were, how do you "register" individuals if the other forms of authentication are not reliable; i.e. SSN.
But, by definition, authentication is the binding of an identifier to an entity. This is even true in zero-knowledge or witness-hiding authentication mechanisms.
This sounds like the perfect solution. I think it's only a matter of time before the use of an identifier as authentication becomes ridiculous not only to security people, but also to financial institutions. At 11:52 AM 3/28/2006, Gary Flynn wrote:I vote we make all SSN and names public knowledge so they'll be worthless as a basis on which to make a decision. Then, when companies, governments, and organizations can no longer use them as authenticators, they become worthless. ;)
-- scott hollatz net shollatz () d UMn eDu information technology systems and services tel +1 218 726 8851 university of minnesota duluth mn usa fax +1 218 726 7674 -- "Asn aD ta zlAp em uT zt33rg"
Current thread:
- Re: Bare Social Social Security Numbers, (continued)
- Re: Bare Social Social Security Numbers Leo Tran (Mar 27)
- Re: Bare Social Social Security Numbers Gary Golomb (Mar 27)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
- Re: Bare Social Social Security Numbers Keith Schoenefeld (Mar 28)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
- Re: Bare Social Social Security Numbers Keith Schoenefeld (Mar 28)
- Re: Bare Social Social Security Numbers Gary Flynn (Mar 28)
- Re: Bare Social Social Security Numbers Kevin Shalla (Mar 28)
- Re: Bare Social Social Security Numbers Pullman, Nick (Mar 28)
- Re: Bare Social Social Security Numbers scott hollatz (Mar 28)
- Re: Bare Social Social Security Numbers Jere Retzer (Mar 28)