Why the hell are SSNs still considered passwords in the US?


A couple of weeks ago, another of my friends was the victim of identity theft, and I took another look at how fantastically broken the US can be when it comes to security. “They have my Social Security number,” she said, and it reminded me of how horribly badly designed many systems in the US are. Namely: I called my bank this morning and they asked me for the last four digits of my SSN and they somehow assumed my identity because I knew those four digits. LOLWUT? If my bank were a start-up, I would call the chairman of the board and demand that his security chief be fired immediately for gross incompetence.

When I moved to the US a couple of years ago, my friends convinced me that I should keep my Social Security Number (SSN) private and hidden. When I started opening a bank account and setting up a cell phone plan, it became clear why: all sorts of institutions that really should know better treat this string of numbers as a password. There is a huge, glaring problem with this. I contend that Equifax should receive the corporate equivalent of the death penalty for allowing this to happen, but a few years ago, hackers stole 145 million Social Security numbers, which means that Social Security numbers – yes, the same numbers that are treated as “passwords” – are circulating in the shadows for about half of the US adult population.

We are already used to passwords, but at least in most cases, passwords can be changed when they are compromised. Your Social Security number? Not so much. If your SSN leaks even once, you’re done. It can’t be changed, and that shows the true depth of idiocy in all of this: relying on security that depends on keeping an unchangeable piece of information secret is really fucking stupid.

The corollary is this: Imagine your email has been hacked, but your email provider tells you that you can’t change your password, you can’t change your email provider, and you just have to live with it. That’s the situation we have now with social security numbers.

Most countries have Social Security number equivalents that the government or tax authorities use to identify you. However, in most countries this number is never supposed to be secret. You use it to log in to your bank accounts. You freely tell your employers what it is. You can spray paint it on a wall at home or get it tattooed on your forehead. I wouldn’t do either, but that’s more a matter of my taste in forehead tattoos and garage graffiti. From a security point of view, there is no particular reason why you shouldn’t do this.

In most parts of the world, your SSN equivalent is treated as a unique identifier. In other words: it is your unique username. In addition to your username, you need a password to do anything. For the same reason that you should not use your username as a password, you should not rely on any publicly available information as part of your security matrix. “What is your mother’s maiden name” is a terrible security question. If your mom is on Facebook, you are probably 2-3 clicks away from answering this question. Guess what? With all the hacks and leaks, your SSN is de facto public information.
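
The identifier-versus-secret split described above, as an added example that is not from the original article: the SSN only looks up the record, while a separate, replaceable secret proves identity. The `Accounts` class, the sample SSN and the secrets are constructed for illustration, and PBKDF2 is an assumed choice of password hash.

```python
import hashlib, hmac, os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor; tune for your hardware

def _digest(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS)

class Accounts:
    def __init__(self):
        self._by_ssn = {}  # ssn (identifier) -> (salt, digest of current secret)

    def enroll(self, ssn: str, secret: str) -> None:
        salt = os.urandom(16)
        self._by_ssn[ssn] = (salt, _digest(secret, salt))

    def weak_verify(self, ssn: str, last4: str) -> bool:
        """The pattern the article criticises: digits of the identifier as proof."""
        return ssn in self._by_ssn and hmac.compare_digest(ssn[-4:], last4)

    def verify(self, ssn: str, secret: str) -> bool:
        """The SSN only selects the record; the secret is what is checked."""
        record = self._by_ssn.get(ssn)
        if record is None:
            return False
        salt, expected = record
        return hmac.compare_digest(_digest(secret, salt), expected)

    def rotate(self, ssn: str, old: str, new: str) -> bool:
        if not self.verify(ssn, old):
            return False
        self.enroll(ssn, new)  # fresh salt, new digest; the identifier is unchanged
        return True

def demo() -> dict:
    ssn = "000-12-3456"  # constructed sample; area number 000 is never issued
    bank = Accounts()
    bank.enroll(ssn, "first-secret")
    results = {
        # Anyone holding the leaked SSN passes the last-four check, forever.
        "leaked_ssn_passes_weak_check": bank.weak_verify(ssn, "3456"),
        # Knowing the identifier alone does not satisfy the secret check.
        "leaked_ssn_as_secret": bank.verify(ssn, ssn),
    }
    # If the secret leaks too, it can be replaced, which an SSN cannot.
    bank.rotate(ssn, "first-secret", "second-secret")
    results["old_secret_after_rotation"] = bank.verify(ssn, "first-secret")
    results["new_secret_after_rotation"] = bank.verify(ssn, "second-secret")
    return results

if __name__ == "__main__":
    print(demo())
```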

Part of me thinks maybe the Equifax hack could be a good thing, but only if everyone who relies on SSNs as passwords would review and change their security protocols. This really should have been a wake-up call. And yet, five years later, we still use our SSNs to sign up for car insurance, open credit cards, and identify ourselves with our banks. This is absolutely ridiculous and needs to stop.


Credit: techcrunch.com
