{"id":128037,"date":"2015-09-17T18:43:32","date_gmt":"2015-09-18T00:43:32","guid":{"rendered":"http:\/\/hill-kleerup.org\/blog\/2015\/09\/17\/if-you-need-further-proof-that-the-social-security-number-is-not-a-security-code.html"},"modified":"2015-09-18T10:32:55","modified_gmt":"2015-09-18T16:32:55","slug":"if-you-need-further-proof-that-the-social-security-number-is-not-a-security-code","status":"publish","type":"post","link":"https:\/\/hill-kleerup.org\/blog\/2015\/09\/17\/if-you-need-further-proof-that-the-social-security-number-is-not-a-security-code.html","title":{"rendered":"If you need further proof that the Social Security Number is not a security code"},"content":{"rendered":"<p>So one interesting thing I&#39;ve learned from my foray into the world of Unemployment Insurance is that Colorado uses the SSN as your userid and identifier for pretty much everything (actually, use for unemployment claims was part of the original usage of the Social Security Card. Though they make some passing effort to keep it secret \/ keep it safe (e.g., when you log into the site, where your SSN is your default userid, the userid field is masked; when you sign in at the county work assistance office, you key your SSN onto a keypad (which, annoyingly, is a computer numeric keypad, not a phone keypad), it&#39;s clearly not <i>actual<\/i> security, because not only does the online system require an additional password (which you define), but for pretty much any functionality they also send you a 4-digit PIN through the mail.<\/p>\n<p>So, let&#39;s count all of that:<\/p>\n<p>1. Your SSN (which often comes printed on paperwork)<br \/>2. Your login account (SSN) password (definable by you)<br \/>3. A 4-digit PIN (assigned to you and sent through the mail)<\/p>\n<p>So again we have the too-common tension between the SSN being some sort of sooper-sekrit code that you should never let anyone know because with it you can apparently have all your bank accounts stolen because banks are STOOPID, and an acknowledgment that it needs additional passwords because, well, people can pretty easily learn it and then do things with your unemployment account unless there is an additional layer of security.<\/p>\n<p>I kind of wish we&#39;d just treat it as a public national ID number and go on from there. As a security measure, it&#39;s nearly useless, even if assumed in too many places.<\/p><\/blockquote>\n<div style='text-align:center'><a href='https:\/\/plus.google.com\/photos\/101083456815352083930\/albums\/6195648256569236705\/6195648265991489090'><img src='https:\/\/lh3.googleusercontent.com\/-weZlYWFJjZQ\/VftdRZ-wBkI\/AAAAAAADYoA\/4rQicKjDhwI\/Edward-Elmer-Heber-Social-Security-Card-Back%255B1%255D.jpg?imgmax=660' style='max-width:650px;' \/><\/a><\/div>\n<div style='text-align:center'>\n<a href='' style='width:50px;height:50px;display:inline-block;background-size:cover;background-image:url();'><\/a>\u00a0\n<\/div>\n<p><span style='font-size:small;'><a href='https:\/\/plus.google.com\/+DaveHill47\/posts\/hvmmJQmUG3Y'>View on Google+<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So one interesting thing I&#39;ve learned from my foray into the world of Unemployment Insurance is that Colorado uses the SSN as your userid and identifier for pretty much everything (actually, use for unemployment claims was part of the original usage of the Social Security Card. Though they make some passing effort to keep it &hellip; <a href=\"https:\/\/hill-kleerup.org\/blog\/2015\/09\/17\/if-you-need-further-proof-that-the-social-security-number-is-not-a-security-code.html\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;If you need further proof that the Social Security Number is not a security code&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":128038,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[106,375,883],"tags":[],"class_list":["post-128037","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-plusposts","category-computer-security","category-job-hunt"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2015\/09\/Edward-Elmer-Heber-Social-Security-Card-Back5B15D.jpgimgmax=660.jpg","jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":134736,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/18\/social-security-numbers-broken-alternative.html","url_meta":{"origin":128037,"position":0},"title":"Social Security Numbers are broken. What is the alternative?","author":"***Dave","date":"Mon 18-Sep-17 11:41am","format":false,"excerpt":"We are increasingly a data-driven world. There are electronic records about us everywhere, and we rely on them in a thousand different ways to identify us. But anyone who's ever worked with a system that tries to reliably and consistently identify people knows that it's a problem. What identifier is\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/Equifax-HQ.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]},{"id":51730,"url":"https:\/\/hill-kleerup.org\/blog\/2015\/07\/14\/all-your-ssn-are-belong-to-us.html","url_meta":{"origin":128037,"position":1},"title":"All Your SSN Are Belong To Us","author":"***Dave","date":"Tue 14-Jul-15 12:03pm","format":false,"excerpt":"The idea of your Social Security Number being somehow a deep, dark secret password that nobody can ever find out and that therefore should give you permission into all your Super Secret Stuff is ... darkly, bitterly, laughable. It was never intended to be that, and it's never been protected\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":133915,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/07\/20\/okay-can-we-stop-treating-ssn-as-a-super-seekrit-thing.html","url_meta":{"origin":128037,"position":2},"title":"Okay, can we stop treating SSN as a Super-Seekrit Thing?","author":"***Dave","date":"Thu 20-Jul-17 3:43pm","format":false,"excerpt":"Because, really, they keep getting leaked \/ hacked \/ discovered, and the there's all sorts of \"Oh noes, with a person's SSN they can pretend to be them.\"Just treat it as another attribute and figure out some other validation mechanism. This one's as broken (and obsolete) as \"Mother's Maiden Name\"\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":44451,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/08\/19\/information-must-be-free-or-stolen.html","url_meta":{"origin":128037,"position":3},"title":"Information must be free (or stolen)","author":"***Dave","date":"Tue 19-Aug-14 1:08pm","format":false,"excerpt":"So any of you companies who are still relying on date of birth or SSN as a means of proving identity -- just ... stop.Reshared post from +Les JenkinsWell that's not good.\ufeff Hackers steal records on 4.5 million patients from healthcare system Data included Social Security numbers as well as\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":46151,"url":"https:\/\/hill-kleerup.org\/blog\/2014\/10\/29\/so-for-those-who-think-im-simply-a-partisan-hack.html","url_meta":{"origin":128037,"position":4},"title":"So for those who think I&#039;m simply a partisan hack","author":"***Dave","date":"Wed 29-Oct-14 4:13pm","format":false,"excerpt":"... I'm more than willing to say that the actions of the Kentucky state Democratic Party here were absolutely wrong. (As were those of the local police who provided an unredacted arrest record.) Originally shared by +Boing Boing: Hey! Did you hear the one about the political mailer that includes\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":134597,"url":"https:\/\/hill-kleerup.org\/blog\/2017\/09\/07\/basically-consider-worst-personal-identity-data-breach-ever.html","url_meta":{"origin":128037,"position":5},"title":"So basically consider this the worst personal identity data breach ever","author":"***Dave","date":"Thu 7-Sep-17 6:27pm","format":false,"excerpt":"Equifax is one of the three major consumer credit reporting agencies, with oodles of information about every American consumer and their finances. And they got hacked, and about 143 million people's data -- addresses, SSNs, birth dates, even drivers license numbers -- are in the wild. They have a page\u2026","rel":"","context":"In &quot;~PlusPosts&quot;","block_context":{"text":"~PlusPosts","link":"https:\/\/hill-kleerup.org\/blog\/category\/blogging\/plusposts"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/hill-kleerup.org\/blog\/wp\/wp-content\/uploads\/2017\/09\/unnamed-3.jpg?resize=350%2C200&ssl=1","width":350,"height":200},"classes":[]}],"_links":{"self":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/128037","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/comments?post=128037"}],"version-history":[{"count":1,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/128037\/revisions"}],"predecessor-version":[{"id":128074,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/posts\/128037\/revisions\/128074"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media\/128038"}],"wp:attachment":[{"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/media?parent=128037"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/categories?post=128037"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hill-kleerup.org\/blog\/wp-json\/wp\/v2\/tags?post=128037"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}