Educause Security Discussion mailing list archives
Re: Use of Partial SSN as Authenticator
From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 22 Feb 2007 09:42:41 -0500
Steve Worona wrote:
Depending on exactly how you're planning to use the number, one or both of these might be helpful: http://www.ed.gov/policy/gen/guid/fpco/ferpa/library/uwisc.html http://www.ed.gov/policy/gen/guid/fpco/ferpa/library/hunter.html
They were, thank you, though the hypothetical issue was not providing the partial SSN to anyone. Rather, it was using the partial SSN, along with other information of a very limited nature, to help prove identity on a web site when a password isn't known in order to get access to a second tier of identity challenge. Basically, using the partial SSN as a PIN. -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- <Possible follow-ups>
- Re: Use of Partial SSN as Authenticator Charlie Reitsma (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Grimshaw (Feb 22)
- Re: Use of Partial SSN as Authenticator Steve Worona (Feb 22)
- Re: Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Marchany (Feb 22)
- Re: Use of Partial SSN as Authenticator Pace, Guy (Feb 22)
- Re: Use of Partial SSN as Authenticator Brad Judy (Feb 22)
- Re: Use of Partial SSN as Authenticator Jimmy Kuo (Feb 22)