Home page logo
/

basics logo Security Basics mailing list archives

Re: Risk of using SS#s (last 4 digits) for authentication
From: Richard Caley <rjc () interactive co uk>
Date: 12 Nov 2002 10:57:02 +0000

In article <200211091830.gA9IUn329530 () palmermania com>, Griff Palmer (gp) writes:

gp> As a practical matter, using only the last 4 digits of an employee's SSN 
gp> gives some measure of protection to the employee. 

I would have thought that a SSN is rather too widely known/used to be
much use. Eg it might give all of the companies personel and payroll
staff the ability to request a new password for anyone. Plus anyone
who walks past the desk of someone who is not obsessive about hiding
correspondance from the personel people and/or the taxman. Plus the
postman if skilled at opening letters.

Certainly, I'd be very wary of using a financial organisation that
used such a public piece of information as part of their
authentication. 

Could be worse, I recently talked to an insurance company who wanted
my address to confirm who I was an let me try 4 times before I got the
right one. 

-- 
Mail me as MYFIRSTNAME () MYLASTNAME org uk        _O_
                                                 |<


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]