Educause Security Discussion mailing list archives
Re: Bare Social Social Security Numbers
From: Jere Retzer <retzerj () OHSU EDU>
Date: Tue, 28 Mar 2006 16:39:00 -0800
There are lots of possibilities. Use, for example a multi-step process to register folks and assign a user id. They register with an e-mail which you send a code for example, commonly used for commercial appplications. There is work going on now on exchanging electronic health records aimed toward the eventual creation of a national capability that does not use global identifiers of any sort. Rather, the participating systems identify/retrieve health records by matching demographics.
nick.pullman () CITIGROUP COM 03/28/06 1:20 PM >>>
I agree that the use of an identifier as authentication is flawed, but unfortunately what other solution is there? Biometrics are not anywhere near mature enough for a large-scale implementation, and even if they were, how do you "register" individuals if the other forms of authentication are not reliable; i.e. SSN. -----Original Message----- From: Kevin Shalla [mailto:kshalla () UIC EDU] Sent: Tuesday, March 28, 2006 1:51 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Bare Social Social Security Numbers This sounds like the perfect solution. I think it's only a matter of time before the use of an identifier as authentication becomes ridiculous not only to security people, but also to financial institutions. At 11:52 AM 3/28/2006, Gary Flynn wrote:
I vote we make all SSN and names public knowledge so they'll be worthless as a basis on which to make a decision. Then, when companies, governments, and organizations can no longer use them as authenticators, they become worthless. ;)
Current thread:
- Re: Bare Social Social Security Numbers, (continued)
- Re: Bare Social Social Security Numbers Gary Golomb (Mar 27)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
- Re: Bare Social Social Security Numbers Keith Schoenefeld (Mar 28)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
- Re: Bare Social Social Security Numbers H. Morrow Long (Mar 28)
- Re: Bare Social Social Security Numbers Keith Schoenefeld (Mar 28)
- Re: Bare Social Social Security Numbers Gary Flynn (Mar 28)
- Re: Bare Social Social Security Numbers Kevin Shalla (Mar 28)
- Re: Bare Social Social Security Numbers Pullman, Nick (Mar 28)
- Re: Bare Social Social Security Numbers scott hollatz (Mar 28)
- Re: Bare Social Social Security Numbers Jere Retzer (Mar 28)