Home page logo
/

educause logo Educause Security Discussion mailing list archives

Re: Use of Partial SSN as Authenticator
From: Randy Grimshaw <rgrimsha () SYR EDU>
Date: Thu, 22 Feb 2007 09:04:55 -0500

There was a thread not so long ago
http://listserv.educause.edu/cgi-bin/wa.exe?A2=ind0510&L=security&D=0&P=10284

<><Randy


<><Randall Grimshaw
Room 203 Machinery Hall
Syracuse University
Syracuse, NY   13244
315-443-5779
rgrimsha () syr edu

reitsmac () DENISON EDU 2/22/2007 8:53 AM >>>
As an identifier, it's not unique in large populations
as a password, being short and only digits goes against most password
rules.

Quoting Gary Flynn <flynngn () JMU EDU>:

I've been asked to back up my assertion that the use of
a portion of the SSN ( e.g. last four digits ) as an
authenticator should be avoided as much as the use of
the entire SSN.

Can anyone point me to regulations, best practice studies,
or other material which may back up or refute this
assertion?

thanks,

--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault