Security Basics mailing list archives
RE: Risk of using SS#s (last 4 digits) for authentication
From: "David Greenstein" <dgreenst () tir com>
Date: Mon, 4 Nov 2002 14:45:21 -0800
How legal is the use of the SSN for authentication. My understanding is that the SSN is to be used by state and federal government only Please, any legal expert, help us to understand the issue Thank you -----Original Message----- From: Jim Lawton [mailto:jblii () hotmail com] Sent: Saturday, November 02, 2002 8:00 AM To: security-basics () security-focus com Subject: Risk of using SS#s (last 4 digits) for authentication We are currently considerring the limited use of employee's Social Security numbers to authenticate them when they request a password reset from the Help Desk. We have chosen two items (in total) for authenticating them: their employee # and the last 4 digits of their SS#. Only the last 4 digits would be stored in the Help Desk app, and these would be viewable only by Help Desk technicians. They would only be able to see them by selecting a specific toolbar button (the SS# screen would not visible at all times). We are concerned with the privacy issue potential if we use any part of a SS# but are unaware of any legal precedent, standard or guideline either supporting or against this use. Does anyone have knowledge they can share, or know of web resources that might be useful to research this issue? We are a corporation of roughly 1200 specializig in healthcare, and HIPAA privacy/security regs, NCQA and URAC acredidations must be taken into consideration. Thanks in advance for any suggestions or information. JBL _________________________________________________________________ Surf the Web without missing calls! Get MSN Broadband. http://resourcecenter.msn.com/access/plans/freeactivation.asp
Current thread:
- Risk of using SS#s (last 4 digits) for authentication Jim Lawton (Nov 04)
- Re: IIS running with least privs.. McKenzie Family (Nov 06)
- Re: Risk of using SS#s (last 4 digits) for authentication Andy Cowan (Nov 06)
- Re: Risk of using SS#s (last 4 digits) for authentication noconflic (Nov 08)
- Re: Risk of using SS#s (last 4 digits) for authentication Gordon Ewasiuk (Nov 09)
- RE: Risk of using SS#s (last 4 digits) for authentication David Greenstein (Nov 08)
- RE: Risk of using SS#s (last 4 digits) for authentication Jason Coombs (Nov 09)
- Re: Risk of using SS#s (last 4 digits) for authentication Jim Clark (Nov 11)
- Re: Risk of using SS#s (last 4 digits) for authentication Griff Palmer (Nov 11)
- RE: Risk of using SS#s (last 4 digits) for authentication Jason Coombs (Nov 12)
- Re: Risk of using SS#s (last 4 digits) for authentication Richard Caley (Nov 12)
- <Possible follow-ups>
- Re: Risk of using SS#s (last 4 digits) for authentication Margles Singleton (Nov 05)