Tuesday, September 12, 2006

The insanity of using SSN as a password

When corporations outsource various HR functions, the disparate contractors all need an identity management process. They can get IDs easily enough, but not passwords. So they need to give everyone a password.

Typically they use a password that consists of some combination of one’s name and a portion of the SSN. For the past few years they’ve routinely used the last four digits of the SSN. Of course, since everyone in the world uses the last four digits for authentication, that information is now widely distributed and cannot be considered even remotely confidential.

So today one of these vendors asked me for the last six digits of my SSN.

I think you can guess where this is going. We have 3 digits to go.

Blithering idiocy.

