Security Protection – Harry Waldron MVP Rotating Header Image

Privacy – Unlike passwords SSN cannot be changed

PC Magazine shares excellent security awareness that static identifiers like SSN or birthdates can never change and must be protected from criminals.

QUOTE: When an online shopping site suffers a data breach, you’ll get a warning to change your password. If your bank is hacked, they’ll send you a new credit card. The real problem occurs when a business authenticates you using personal data that can’t be changed, like your SSN or birthdate. A new whitepaper from NSS Labs examines the use of static and dynamic information for authentication, and offers businesses advice for improving security.

Static Data – The SSN was never meant as a personal identifier. The report notes that the equivalent identifier in the UK is never used for authentication. Once your SSN is revealed in a breach, it’s forever compromised. And that’s a problem. Some businesses attempt to protect customers by storing only the last four digits of the SSN. It turns out that this isn’t very effective. The first five digits aren’t random; they’re based on when and where you first applied for your SSN. A research project from five years ago analyzed data from the government’s “Death Master File” and devised an algorithm to predict those first five digits.

Comments are closed.

Featuring WPMU Bloglist Widget by YD WordPress Developer