Educause Security Discussion mailing list archives

Re: Use of Partial SSN as Authenticator

From: Gary Flynn <flynngn () JMU EDU>
Date: Thu, 22 Feb 2007 09:42:41 -0500

Steve Worona wrote:

Depending on exactly how you're planning to use the number, one or both of these might be helpful:

http://www.ed.gov/policy/gen/guid/fpco/ferpa/library/uwisc.html

http://www.ed.gov/policy/gen/guid/fpco/ferpa/library/hunter.html



They were, thank you, though the hypothetical issue was not
providing the partial SSN to anyone. Rather, it was using the
partial SSN, along with other information of a very limited
nature, to help prove identity on a web site when a password
isn't known in order to get access to a second tier of
identity challenge. Basically, using the partial SSN as a PIN.





--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

Current thread:

Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- <Possible follow-ups>
- Re: Use of Partial SSN as Authenticator Charlie Reitsma (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Grimshaw (Feb 22)
- Re: Use of Partial SSN as Authenticator Steve Worona (Feb 22)
- Re: Use of Partial SSN as Authenticator Gary Flynn (Feb 22)
- Re: Use of Partial SSN as Authenticator Randy Marchany (Feb 22)
- Re: Use of Partial SSN as Authenticator Pace, Guy (Feb 22)
- Re: Use of Partial SSN as Authenticator Brad Judy (Feb 22)
- Re: Use of Partial SSN as Authenticator Jimmy Kuo (Feb 22)