Google Site Search


Tuesday, July 15, 2008

SSNs useful for authentication?

Brett A Scudder (on LinkedIn) basically referred to the following report on why SSNs are not appropriate for authentication....
Uses of Social Security Numbers in the Private Sector:Why SSNs Are Not Appropriate for Authentication

Multiple banks over the last few years have used SSNs as the userid for online banking. Some of these banks are prominent banks. But they have all migrated (or given an option to the user to choose a personal username). In my view, phishing attacks will aggravate the dangers, if SSNs continue to be used for authentication by those who have adopted it.

No comments: