[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] After Equifax pwning, what is the best means for replacing the SSN?




Maybe I'm misunderstanding, but isn't this fairly easy?  Just invent a fine for companies that use SSN as an authentication mechanism.  Or any identifier that is knowingly public, including having been made public by a security breach.

If I used the public corporate registration number for Apple as authentication trying to get a loan I'd get laughed out of the room.  But not if I used someone's SSN ¯\_(ツ)_/¯

Alexander


On Tue, Sep 12, 2017 at 8:23 PM, erik <erik AT erikgranger.name> wrote:
Hello. Equifax was pwned, and I'm sure you all already are aware.

It make syou wonder, however, why a single 9-digit number is capable of such
destruction. Why is your identity 9 digits long?

Sure, there are birth certificates as well, but the social security number is
quite a strange phenomenon.

So, here's a challenge for you guys if you're interested: Replace the social
security number as a means of identification, and do it in such a way that
meets some basic criteria.

-It has to not be completely objectionable and possibly evil (ie, a universal
identification card or microchipping or requiring blood to be drawn, people
would frea

-It has to be relatively unforgable, or as unforgable as you can figure out
how to make it

-It has to be suitable for not just applying for Social Security benefits, but
also for applying for loans, mortgages, etc.

I really enjoyed reading the "Have I Been Pwned" discussion that is being had
on this list. Hopefully this will also be an interesting conversation.
_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

_______________________________________________
The cryptography mailing list
cryptography AT metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography