Educause Security Discussion mailing list archives

Re: Use of Partial SSN as Authenticator

From: Steve Worona <sworona () EDUCAUSE EDU>
Date: Thu, 22 Feb 2007 08:06:54 -0600

Depending on exactly how you're planning to use the number, one or both of these might be helpful:

http://www.ed.gov/policy/gen/guid/fpco/ferpa/library/uwisc.html

http://www.ed.gov/policy/gen/guid/fpco/ferpa/library/hunter.html

Steve
--
Steven L. Worona
Director of Policy and Networking Programs
EDUCAUSE / 1150 18th St. NW suite 1010 / Washington, DC 20036
202-872-4200 x 5358 / 202-872-4318 fax / sworona () educause edu


-----
At 8:25 AM -0500 2/22/07, Gary Flynn wrote:

I've been asked to back up my assertion that the use of
a portion of the SSN ( e.g. last four digits ) as an
authenticator should be avoided as much as the use of
the entire SSN.

Can anyone point me to regulations, best practice studies,
or other material which may back up or refute this
assertion?

thanks,

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Current thread:

Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- <Possible follow-ups>
- Re: Use of Partial SSN as Authenticator Charlie Reitsma (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Grimshaw (Feb 22)
- Re: Use of Partial SSN as Authenticator Steve Worona (Feb 22)
- Re: Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Marchany (Feb 22)
- Re: Use of Partial SSN as Authenticator Pace, Guy (Feb 22)
- Re: Use of Partial SSN as Authenticator Brad Judy (Feb 22)
- Re: Use of Partial SSN as Authenticator Jimmy Kuo (Feb 22)