Security Protection – Harry Waldron MVP

Privacy – Unlike passwords, SSNs cannot be changed

PC Magazine shares an excellent security awareness article noting that static identifiers like SSNs or birthdates can never be changed and must be protected from criminals.

http://securitywatch.pcmag.com/identity/321982-change-your-password-fine-change-your-ssn-oh-dear

QUOTE: When an online shopping site suffers a data breach, you’ll get a warning to change your password. If your bank is hacked, they’ll send you a new credit card. The real problem occurs when a business authenticates you using personal data that can’t be changed, like your SSN or birthdate. A new whitepaper from NSS Labs examines the use of static and dynamic information for authentication, and offers businesses advice for improving security.

Static Data – The SSN was never meant as a personal identifier. The report notes that the equivalent identifier in the UK is never used for authentication. Once your SSN is revealed in a breach, it’s forever compromised. And that’s a problem. Some businesses attempt to protect customers by storing only the last four digits of the SSN. It turns out that this isn’t very effective. The first five digits aren’t random; they’re based on when and where you first applied for your SSN. A research project from five years ago analyzed data from the government’s “Death Master File” and devised an algorithm to predict those first five digits.
