If SSN based fraud is the program then let's establish an actual federal identification number. Even the Social Services bureau tried to get everyone to not use it as the end all source of truth. They only created it for social security benefits, literally only that purpose.

[–] explodicle@sh.itjust.works 7 points 3 hours ago (2 children)

They should just publish every SSN at once with names. That'll make them useless as "secret" numbers and useful as identifiers.

[–] ericatty@infosec.pub 7 points 2 hours ago (1 children)

In college, early 90s, our student IDs had our photo and SSN on it

I've operated ever since under rhe assumption anyone and everyone has access to it.

Then with all the data breaches over the last 10/15 years? Freeze credit reports with the 3 reporting agencies for free. Check for extra accounts with the free annual credit report pulls.

For all practical purposes, our SSNs are easily obtained by someone who wants it.

I'm not sure what the solution is, but a unique identifier has to be housed somewhere where in can be accessed in a format humans can read, which means it can be accessed and dumped so it's no longer private or secret.

I'm not a fan of biometrics, and I tolerate 2FA. I really think it's more important we change how we think about and use personal, unique, identifiers (like SSNs)

[–] JustZ@lemmy.world 2 points 1 hour ago

Any lawyer, law firm employee, private investigator, insurance adjuster, or credit industry can get it easily. I operate under the same presumption.

[–] PrettyFlyForAFatGuy@feddit.uk 2 points 2 hours ago

hasnt that already happened with a data breach? i remember reading something about it