You have commented 339 times on Rantburg.

Your Name
Your e-mail (optional)
Website (optional)
My Original Nic        Pic-a-Nic        Sorry. Comments have been closed on this article.
Bold Italic Underline Strike Bullet Blockquote Small Big Link Squish Foto Photo
Submit your comments on this article
-Land of the Free
The White House and Equifax Agree: Social Security Numbers Should Go
2017-10-04
[Blooberg] The Trump administration is exploring ways to replace the use of Social Security numbers as the main method of assuring people’s identities in the wake of consumer credit agency Equifax Inc.’s massive data breach.

The administration has called on federal departments and agencies to look into the vulnerabilities of employing the identifier tied to retirement benefits, as well as how to replace the existing system, according to Rob Joyce, special assistant to the president and White House cybersecurity coordinator.

"I feel very strongly that the Social Security number has outlived its usefulness," Joyce said Tuesday at a cyber conference in Washington organized by the Washington Post. "Every time we use the Social Security number, you put it at risk."
Yes, it was a quaint, manual process. You were provided a secure numbered account to which a small percentage of your earnings would be placed in the form of a tax. A half-century or so later, you would receive a modest annuity on which you would again pay taxes.
Joyce’s comments came as former Equifax CEO Richard Smith testified before the House Energy and Commerce Committee, the first of four hearings this week on Capitol Hill. Lawmakers from both parties expressed outrage over the size of the breach as well as the company’s response and grilled Smith on the timeline of the incident, including when top executives learned about it.
Posted by:Besoeker

#15  Equifax should go, along with Wells Fargo.
Posted by: Anguper Hupomosing9418   2017-10-04 12:57  

#14  I remember dealing with some receptionist type who snappily asked "what's your 'sosh?'" I said "None of your business and stick your in-house slango up your heinie..."
Posted by: M. Murcek   2017-10-04 12:31  

#13  Blockchain...
Posted by: newc   2017-10-04 12:15  

#12  Heh. I've been saying for years that it should be illegal to use or require a SSN for anything but tax purposes.
Posted by: Iblis   2017-10-04 12:12  

#11  But...but...but...how will illegal aliens get their forged SS cards if the information is secure?
Posted by: Abu Uluque   2017-10-04 11:06  

#10  You also need something that generates a NONCE.
Posted by: Bright Pebbles   2017-10-04 09:54  

#9  The DoD uses something like the above as well to authenticate users. You need 3 things to do so.

Something you have
Something you know
Something you are

CAC card. Programed card with your account logon information. Similar to credit/debit cards with the chip in them.

A password or pin

A fingerprint or Iris scan

Nearly impossible for a hacker to get all 3 and a physical imposter could only get the first two.
Posted by: DarthVader   2017-10-04 09:44  

#8  And when someone cuts off your hand to steal your identity ...
Or your eye...

Modern (good scanners, not the shit ones on phones) scan up to 7 skin layers deep and are designed to look for blood flow. We used such a system in the two factor authentication system for doctors to digitally send pr3scriptions for schedule 3 drugs to the ph@rmacy as part of a pilot program with the feds so the patients didn't need a physical script.

There is still a problem with this level of security, and especially if it is stored locally, is that all this is still a hash. Hashes can be stolen and used to impersonate another account.

Lots of ways to minimize the risk of this, but the risk of a good biometric system having its data stolen is far, far less than what we have now with passwords and numbers.
Posted by: DarthVader   2017-10-04 09:41  

#7  then you'll have bigger worries than your ATM limit getting reached by someone else
Posted by: Frank G   2017-10-04 09:19  

#6  Or your eye...
Posted by: Pappy   2017-10-04 09:01  

#5  And when someone cuts off your hand to steal your identity ...
Posted by: Rambler in Virginia    2017-10-04 08:56  

#4  as Besoeker implies, biometrics are obviously a better choice for ID; possibly a combination of retina and fingerprint

however, there will have to be a back up
Posted by: lord garth   2017-10-04 08:30  

#3  Yes, gold and silver. For many years they were used as legal tender. No matter the imprint or country of origin, their actual value was derived from their weight in ounces or fractions thereof. Credit due the ancients, quite an ingenious system.
Posted by: Besoeker   2017-10-04 08:17  

#2  This is a good idea.

I'm certain each party to the owner of the SSN should have their own signed SSHash and salt, and the real "SSN" is never revealed, just allowed by it's owner to be salted, hashed and shared.
Posted by: Bright Pebbles   2017-10-04 08:00  

#1  Please provide your 'scan' and simply hit send. Thank you for your Amazon purchase.
Posted by: Besoeker   2017-10-04 07:22  

00:00