Security Basics mailing list archives
Re: Risk of using SS#s (last 4 digits) for authentication
From: Richard Caley <rjc () interactive co uk>
Date: 12 Nov 2002 10:57:02 +0000
In article <200211091830.gA9IUn329530 () palmermania com>, Griff Palmer (gp) writes: gp> As a practical matter, using only the last 4 digits of an employee's SSN gp> gives some measure of protection to the employee. I would have thought that a SSN is rather too widely known/used to be much use. Eg it might give all of the companies personel and payroll staff the ability to request a new password for anyone. Plus anyone who walks past the desk of someone who is not obsessive about hiding correspondance from the personel people and/or the taxman. Plus the postman if skilled at opening letters. Certainly, I'd be very wary of using a financial organisation that used such a public piece of information as part of their authentication. Could be worse, I recently talked to an insurance company who wanted my address to confirm who I was an let me try 4 times before I got the right one. -- Mail me as MYFIRSTNAME () MYLASTNAME org uk _O_ |<
Current thread:
- Risk of using SS#s (last 4 digits) for authentication Jim Lawton (Nov 04)
- Re: IIS running with least privs.. McKenzie Family (Nov 06)
- Re: Risk of using SS#s (last 4 digits) for authentication Andy Cowan (Nov 06)
- Re: Risk of using SS#s (last 4 digits) for authentication noconflic (Nov 08)
- Re: Risk of using SS#s (last 4 digits) for authentication Gordon Ewasiuk (Nov 09)
- RE: Risk of using SS#s (last 4 digits) for authentication David Greenstein (Nov 08)
- RE: Risk of using SS#s (last 4 digits) for authentication Jason Coombs (Nov 09)
- Re: Risk of using SS#s (last 4 digits) for authentication Jim Clark (Nov 11)
- Re: Risk of using SS#s (last 4 digits) for authentication Griff Palmer (Nov 11)
- RE: Risk of using SS#s (last 4 digits) for authentication Jason Coombs (Nov 12)
- Re: Risk of using SS#s (last 4 digits) for authentication Richard Caley (Nov 12)
- <Possible follow-ups>
- Re: Risk of using SS#s (last 4 digits) for authentication Margles Singleton (Nov 05)