The idea of your Social Security Number being somehow a deep, dark secret password that nobody can ever find out and that therefore should give you permission into all your Super Secret Stuff is … darkly, bitterly, laughable. It was never intended to be that, and it's never been protected like that. It is, at best, a convenient way of identifying yourself with a number, akin to your name but with fewer nicknames or questions of middle initial.
Any system that is relying on SSN as a security code, an authenticator (vs simply an identifier), not only needs to be fixed, now, but its designers need to be sent to work hand-addressing letters to people whose identities have been stolen, apologizing for their problems, and its owners need to be shamed in the public square.
This is not a new problem. It's just a problem that's getting worse.
Hackers Love It That Americans Use Their Social Security Numbers for Everything
In both the Anthem insurance hack and the two Office of Personnel Management hacks this year, attackers gained access to Social Security numbers, affecting 80 million and more than 22 million people respectively. The total between the two is probably less than 102 million (if some people were exposed by…
