[Cryptography] After Equifax pwning, what is the best means for replacing the SSN?

[Alexander Kjeldaas]

Maybe I'm misunderstanding, but isn't this fairly easy?  Just invent a fine
for companies that use SSN as an authentication mechanism.  Or any
identifier that is knowingly public, including having been made public by a
security breach.

If I used the public corporate registration number for Apple as
authentication trying to get a loan I'd get laughed out of the room.  But
not if I used someone's SSN ¯\_(ツ)_/¯

Alexander


On Tue, Sep 12, 2017 at 8:23 PM, erik <erik at erikgranger.name> wrote:

> Hello. Equifax was pwned, and I'm sure you all already are aware.
>
> It make syou wonder, however, why a single 9-digit number is capable of
> such
> destruction. Why is your identity 9 digits long?
>
> Sure, there are birth certificates as well, but the social security number
> is
> quite a strange phenomenon.
>
> So, here's a challenge for you guys if you're interested: Replace the
> social
> security number as a means of identification, and do it in such a way that
> meets some basic criteria.
>
> -It has to not be completely objectionable and possibly evil (ie, a
> universal
> identification card or microchipping or requiring blood to be drawn, people
> would frea
>
> -It has to be relatively unforgable, or as unforgable as you can figure out
> how to make it
>
> -It has to be suitable for not just applying for Social Security benefits,
> but
> also for applying for loans, mortgages, etc.
>
> I really enjoyed reading the "Have I Been Pwned" discussion that is being
> had
> on this list. Hopefully this will also be an interesting conversation.
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170925/d34b15e4/attachment.html>