Educause Security Discussion
mailing list archives
Re: Use of Partial SSN as Authenticator
From: Charlie Reitsma <reitsmac () DENISON EDU>
Date: Thu, 22 Feb 2007 08:53:22 -0500
As an identifier, it's not unique in large populations
as a password, being short and only digits goes against most password rules.
Quoting Gary Flynn <flynngn () JMU EDU>:
I've been asked to back up my assertion that the use of
a portion of the SSN ( e.g. last four digits ) as an
authenticator should be avoided as much as the use of
the entire SSN.
Can anyone point me to regulations, best practice studies,
or other material which may back up or refute this
James Madison University