Educause Security Discussion mailing list archives
Re: Use of Partial SSN as Authenticator
From: Randy Grimshaw <rgrimsha () SYR EDU>
Date: Thu, 22 Feb 2007 09:04:55 -0500
There was a thread not so long ago http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0510&L=security&D=0&P=10284 <><Randy <><Randall Grimshaw Room 203 Machinery Hall Syracuse University Syracuse, NY 13244 315-443-5779 rgrimsha () syr edu
reitsmac () DENISON EDU 2/22/2007 8:53 AM >>>
As an identifier, it's not unique in large populations as a password, being short and only digits goes against most password rules. Quoting Gary Flynn <flynngn () JMU EDU>:
I've been asked to back up my assertion that the use of a portion of the SSN ( e.g. last four digits ) as an authenticator should be avoided as much as the use of the entire SSN. Can anyone point me to regulations, best practice studies, or other material which may back up or refute this assertion? thanks, -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- <Possible follow-ups>
- Re: Use of Partial SSN as Authenticator Charlie Reitsma (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Grimshaw (Feb 22)
- Re: Use of Partial SSN as Authenticator Steve Worona (Feb 22)
- Re: Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Marchany (Feb 22)
- Re: Use of Partial SSN as Authenticator Pace, Guy (Feb 22)
- Re: Use of Partial SSN as Authenticator Brad Judy (Feb 22)
- Re: Use of Partial SSN as Authenticator Jimmy Kuo (Feb 22)