Slashdot Mirror
US Studying Ways To End Use of Social Security Numbers For ID (securityweek.com)
wiredmikey quotes a report from Security Week: U.S. officials are studying ways to end the use of social security numbers for identification following a series of data breaches compromising the data for millions of Americans, Rob Joyce, the White House cybersecurity coordinator, said Tuesday. Joyce told a forum at the Washington Post that officials were studying ways to use "modern cryptographic identifiers" to replace social security numbers. "I feel very strongly that the social security number has outlived its usefulness," Joyce said. "It's a flawed system." For years, social security numbers have been used by Americans to open bank accounts or establish their identity when applying for credit. But stolen social security numbers can be used by criminals to open bogus accounts or for other types of identity theft. Joyce said the administration has asked officials from several agencies to come up with ideas for "a better system" which may involve cryptography. This may involve "a public and private key" including "something that could be revoked if it has been compromised," Joyce added.
Sounds like another attempt at a national ID. I am sure it will go as well as all the past efforts.
There's nothing wrong with using SSNs for ID. A unique number for each person in the country? Perfect.
The problem is when it gets treated as a secret, and abused for "authentication". It's not a secret, any more than your date of birth is a secret. It should be treated as publicly available information. Merely "knowing an SSN" should not be sufficient information to do much of anything, except possibly "give someone money".
Make the companies who lost people's identity data in hacks pay for it. All of it. They're the ones who broke SSNs. They should be the ones who pay to fix it.