
With the frequency of these breaches, it feels like we are moving to a post-security world where SSNs and DOBs are simply public information.

Would that really be such a bad thing? Both seem completely replaceable as authentication steps.



As always comes up, it's not really identity theft, as that information doesn't help you do anything but defraud banks who are not taking time to properly verify who they are lending to. We just call it that so it's not the bank's fault. "Your identity was stolen, we couldn't do anything!"

Check a photo ID. Check a public cert. Take a fingerprint.


This. A bank you've never heard of fails to identify someone they're giving money to? Your problem, even though you weren't even one of the parties involved.

Is a credit agency illegally spreading false information about you? Not their problem, after all, they can't be expected to know they're spreading false information. Also, they advertise that they are in possession of credit monitoring systems capable of detecting this false information. How is this not libel?


I have heard that in some poorer countries, authorities are requiring fingerprints, passport size photos, and even video statements for certain transactions and real estate.


Up till the late 1990s, SSN and DOB were public information, as they were printed on never-secured student IDs in American schools, for instance, and who knows where those unprotected lists went.


My email address at the university from 2000-2003 had the last 4 of my SSN in it.


I had orders in the military listing hundreds of people's names and SSNs. This was ~2007.


This practice went on all the way into the mid-2000s at least (I graduated in 2006 and my SSN (which doubled as a student ID) was printed on my student ID back then).


My university used it as the student ID, so who knows how many hundreds of places that got copied. Including smeared all over the virtual desktop systems as it was your login identifier.


Can you imagine a private company giving you an account number that you can use to do things without needing to know a password?

Would that situation persist for decades?


Most European countries have some sort of strong online authentication with two factor, so it is doable.


Of course it's doable.

But SSNs aren't even ONE factor.

It's time the US government entered the 21st century.


For example?


BankID in Sweden. Sucks that it is privately owned though.

https://en.m.wikipedia.org/wiki/BankID


Not sure it's strong, but The Netherlands has DigiD with 2FA?


I love DigiD. After coming from the US, it’s beautiful.


When Social Security was introduced, the government encouraged people to get a tattoo of their SSN so they wouldn't forget it [1].

[1]: https://blog.nyhistory.org/tattoo-as-memory-prompt/


It seems like it was tattoo artists (not the government) recommending tattoos, as you would expect. It is still interesting, but a bit less sensationalist.



