Posted by: Stephen Wildstrom on January 23, 2007
I’m not sure the idea is entirely original, but security specialist Marcus Ranum offers an excellent suggestion in the SANS Newsbites e-newsletter: On April 1, the government should publish the Social Security number of every American on the Web and any institution relying on the number for authentication after that date would be liable for any losses.
It is sheer idiocy for banks and other institutions to go on assuming that someone’s ability to produce am SSN is proof, or even evidence, that he is who he claims to be. The SSN is still valid for uniquely (allowing for some fraud using duplicated numbers) identifying individuals, but mere possession of it can’t serve as proof of that identity. It’s far to easy for anyone to get your SSN.