Comments on: A Modest Proposal – Eliminate the SSN Facade http://spiresecurity.com/?p=635 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Saar Drimer http://spiresecurity.com/?p=635&cpage=1#comment-896 Saar Drimer Sat, 26 Feb 2005 20:35:53 +0000 http://spiresecurity.com/blog/?p=635#comment-896 False sense of security is dangerous! SSNs give the impression of security while, as you say, provide none. People should come to realize that SSNs (and Mother’s maiden name) are pretty much public record and we should move on to a better authentication system.

]]> By: Stuart Berman http://spiresecurity.com/?p=635&cpage=1#comment-895 Stuart Berman Sat, 26 Feb 2005 07:37:13 +0000 http://spiresecurity.com/blog/?p=635#comment-895 Great series of posts on ChoicePoint and the issues around identity theft.

I have a tough time with all the cries for more patchworks of regulations that seem like bandaids while the patient is hemorrhaging internally.

SSN was never meant to be identification or authentication… You hit the nail on the head – in the US we don’t have any consistent and robust identity standard. Most security pros seem to shy away from advocating them. Well, how about a voluntary system? You could request a federal identity card which some institutions might honor and grant additional privileges (not unlike the idea of pre-screened frequent flyers). Then piggy back that onto digital certificates as an optional field for stronger authentication. Let consumers pick any certificate issuer that they choose (as well as company supplied certs for employee use).

Don’t want the ‘mark of the beast’? Fine, there will be that market in demand also – just more expensive mechanisms like tokens, more risk, etc.

]]>