Copyright infringement

Why the heck are SSNs still treated as passwords in the US? –

A few weeks ago another of my friends was a victim of identity theft, and I took a closer look at how fantastic the United States can be when it comes to security. “They have my social security number,” she said, and I was reminded of how many American systems are poorly designed. To find out: This morning I called my bank, and I was asked for the last four digits of the SSN, somehow they accepted my ID, because I knew those four numbers. LOLWUT? If my bank was a startup, I would have called the chairman of the board and demanded from the security officer to be fired on the grounds of gross misconduct.

When I moved to the United States a few years ago, my friends made sure I found out that I was keeping my Social Security number (SSN) secret. When I started opening a bank account and setting up a cell phone plan, it became clear why: All types of institutions should really know how to deal with these passwords. There is a very obvious problem. I expect Equifax to find a company equivalent to the death penalty to allow this to happen, but 145 million social security numbers were stolen by hackers a few years ago, which means that Social Security numbers – yes, the same number treating. such as “passwords” – about half of all American adults are in the wind.

We are now familiar with the password, but at least, in most cases, the password can be changed when it is hacked. Your social security number? Not too much. If your SSN only drops once, you are a bone marrow transplant. It is impossible to change, and that leads to the depth of the real stupidity of all this: Dependence on security for the protection of irreplaceable data is really bloody stupidity.

Here is a summary: Suppose your email is hacked but your email provider tells you that you cannot change your password, you cannot change your service provider, you just have to do something about it. That is the situation we now have with Social Security numbers.

Most countries have something similar to the Social Security number that the state or taxpayer uses to identify you. In most countries, however, it is never assumed that this number is confidential. Log in to your bank account. Feel free to tell your employer what it is. You can spray paint on the side of the house or stick it on your forehead. None of it will do, but that is a matter of taste on the face In terms of security, there is no particular reason why you should not object.

In most of the rest of the world, your corresponding SSN is treated as a unique identifier. In other words: It is your personal user. In addition to your username, you will need a password to deal with it. For the same reason you should not use your username as a password, you should not rely on any public information that is part of your security matrix. “What is your mother’s name” is a serious security question. If your mom is on Facebook, you are probably 2-3 seconds away from answering that question. Guess what? For all hacks and spills, your SSN is fact public data.

One of me thinks that hacking Equifax may have been a good thing, but only if everyone relying on SSN numbers as a password would reconsider and modify the security protocol. It really had to be an awakening. However, here we are, five years later, we still use our SSN numbers to sign up for car insurance, open credit cards and identify ourselves as our banks. It is ridiculous and needs to be stopped.