Brett A Scudder (on LinkedIn) basically referred to the following report on why SSNs are not appropriate for authentication....
Uses of Social Security Numbers in the Private Sector:Why SSNs Are Not Appropriate for Authentication
Multiple banks over the last few years have used SSNs as the userid for online banking. Some of these banks are prominent banks. But they have all migrated (or given an option to the user to choose a personal username). In my view, phishing attacks will aggravate the dangers, if SSNs continue to be used for authentication by those who have adopted it.
Post a Comment