ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    If there has been a breach.

    Water Closet
    5
    15
    385
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • popester
      popester last edited by

      My line of thinking is that if your personal information ie. Social Security number Drivers License number have been scooped up in a security breach. That the information on these items is "forever" compromised. Am I correct?

      scottalanmiller 1 Reply Last reply Reply Quote 0
      • Dashrender
        Dashrender last edited by

        Pretty much, which makes them horrible 'private' pieces of information.

        A SSN never changes, so it's not something that's really secure, or secure able. The use of them is so ubiquitous that using them for credit checking is just absurd

        popester scottalanmiller 2 Replies Last reply Reply Quote 0
        • popester
          popester @Dashrender last edited by

          @Dashrender truth. I was cleaning out the garage this weekend and found my University of North Texas student ID. Lookey there, my student number is my SS number.

          1 Reply Last reply Reply Quote 0
          • Dashrender
            Dashrender last edited by

            Now a DL can change every time you get a new one, so that's a little safer. But any string you have to provide over and over again as a verification of identity just make it less and less secure. No different than using the same CC number everywhere.

            There are definitely modern solutions. Some countries have created a public/private key pair through a card for their citizens. This would be significantly more secure, as long as the issuing provider doesn't have your private key backed up. 😉

            popester 1 Reply Last reply Reply Quote 0
            • popester
              popester @Dashrender last edited by

              @Dashrender That is what I was kind of thinking about. Something like a State Yubikey similar to the chips that are now on credit cards. At least make it harder for the thieves to profit.

              1 Reply Last reply Reply Quote 0
              • scottalanmiller
                scottalanmiller @popester last edited by

                @popester said in If there has been a breach.:

                My line of thinking is that if your personal information ie. Social Security number Drivers License number have been scooped up in a security breach. That the information on these items is "forever" compromised. Am I correct?

                Yup

                1 Reply Last reply Reply Quote 0
                • scottalanmiller
                  scottalanmiller @Dashrender last edited by

                  @Dashrender said in If there has been a breach.:

                  Pretty much, which makes them horrible 'private' pieces of information.

                  Which, neither is. Both are public non-ID items. The issue is random people choosing to avoid using an ID and is effectively a scam.

                  Dashrender 1 Reply Last reply Reply Quote 0
                  • Dashrender
                    Dashrender @scottalanmiller last edited by

                    @scottalanmiller said in If there has been a breach.:

                    @Dashrender said in If there has been a breach.:

                    Pretty much, which makes them horrible 'private' pieces of information.

                    Which, neither is. Both are public non-ID items. The issue is random people choosing to avoid using an ID and is effectively a scam.

                    Well, we'd like to say they aren't IDs, but the SSN has definitely become a defacto ID. You can hardly do anything without it - you can't get a job with it, they must report to the IRS using it, you can't get credit without it - the credit agencies only use that as a verifier of your identity, etc.

                    JaredBusch scottalanmiller 2 Replies Last reply Reply Quote 0
                    • JaredBusch
                      JaredBusch @Dashrender last edited by

                      @Dashrender said in If there has been a breach.:

                      you can't get a job with it, they must report to the IRS using it

                      Umm, that is why it exists...

                      1 Reply Last reply Reply Quote 0
                      • StuartJordan
                        StuartJordan last edited by

                        similar subject has been brought up in the UK recently. The government wanted all porn sites to use a central ID checking scheme where access will only be provided using a driving licence or passport etc. Privacy groups mentioned it would be too risky if the private information was ever leaked. This has kind of been stalled now as it was also mentioned that DNS will be encrypted by most browsers soon.

                        Dashrender 1 Reply Last reply Reply Quote 0
                        • Dashrender
                          Dashrender @StuartJordan last edited by

                          @StuartJordan said in If there has been a breach.:

                          similar subject has been brought up in the UK recently. The government wanted all porn sites to use a central ID checking scheme where access will only be provided using a driving licence or passport etc. Privacy groups mentioned it would be too risky if the private information was ever leaked. This has kind of been stalled now as it was also mentioned that DNS will be encrypted by most browsers soon.

                          If what information was leaked? the DL or central ID?

                          The reality is we can't really function well without some form of central ID - hence the huge use of the SSN in the USA.
                          Though I wonder - is there any kind of check between the SSN use at a creditor and the actual on file name for the assigned SSN at SS? I'm guessing not, so the initial trust is just that - simple trust.

                          StuartJordan scottalanmiller 2 Replies Last reply Reply Quote 0
                          • StuartJordan
                            StuartJordan @Dashrender last edited by

                            @Dashrender If the DL or passport was leaked. The main 2 forms of ID accepted in the UK.

                            1 Reply Last reply Reply Quote 0
                            • StuartJordan
                              StuartJordan last edited by

                              Another alternative they were thinking about is going to your local newsagents/shop and showing your ID there and then given a unique authorisation code to be entered online. I though both ideas were completely stupid considering a lot of people now use VPNs in the UK.

                              1 Reply Last reply Reply Quote 0
                              • scottalanmiller
                                scottalanmiller @Dashrender last edited by

                                @Dashrender said in If there has been a breach.:

                                @StuartJordan said in If there has been a breach.:

                                similar subject has been brought up in the UK recently. The government wanted all porn sites to use a central ID checking scheme where access will only be provided using a driving licence or passport etc. Privacy groups mentioned it would be too risky if the private information was ever leaked. This has kind of been stalled now as it was also mentioned that DNS will be encrypted by most browsers soon.

                                If what information was leaked? the DL or central ID?

                                The reality is we can't really function well without some form of central ID - hence the huge use of the SSN in the USA.
                                Though I wonder - is there any kind of check between the SSN use at a creditor and the actual on file name for the assigned SSN at SS? I'm guessing not, so the initial trust is just that - simple trust.

                                Yes, the entire system is just "someone claims it to be true." The system is so flimsy that it is little different than using peoples' names as IDs.

                                The real issue isn't using these things as IDs, although that doesn't work, but going a step further and claiming that an ID is also authentication. That's the real issue.

                                It's the same as stating that a username is good enough and no password is needed. And forcing the username to be a one time numeric value, issued possibly sequentially, that is not unique, and is public.

                                1 Reply Last reply Reply Quote 1
                                • scottalanmiller
                                  scottalanmiller @Dashrender last edited by

                                  @Dashrender said in If there has been a breach.:

                                  @scottalanmiller said in If there has been a breach.:

                                  @Dashrender said in If there has been a breach.:

                                  Pretty much, which makes them horrible 'private' pieces of information.

                                  Which, neither is. Both are public non-ID items. The issue is random people choosing to avoid using an ID and is effectively a scam.

                                  Well, we'd like to say they aren't IDs, but the SSN has definitely become a defacto ID. You can hardly do anything without it - you can't get a job with it, they must report to the IRS using it, you can't get credit without it - the credit agencies only use that as a verifier of your identity, etc.

                                  Yes, but it is not an ID in those cases. It's an extra part tied to your other information that together form an ID. SS on its own in not unique, so doesn't identify you.

                                  You have to have one, and you have to have the right one, but knowing one doesn't prove the slightest thing to the IRS.

                                  Credit agencies make up something unrelated in association with it.

                                  1 Reply Last reply Reply Quote 0
                                  • First post
                                    Last post