Monday, July 06, 2009

The end of passwords - episode LXVII


It turns out that if you know a little bit about someone it's possible to compute their social security number. Social security numbers, of course, are often treated as a secret password, something that's known to only one person, and thus proof of identity.

Well, ok, two people. You and the the bank.

Okay, you and the bank and the hospital and your employer and your former employer and the IRS and your spouse and your ex-spouse and whoever stole your health insurance card and 425,000 hackers.

In other words, it's a lot like the secret questions my scream-inducing bank tortures from me. It's a backdoor for anyone who wants to steal your Gmail account (fortunately, few do).

Houston, we have a problem.

No comments: