Mat Honan should read Mimsy
In The last four digits of your social security number, I wrote:
There is a sense in which this entire discussion is irrelevant: because the last four numbers of your SSN are what businesses ask for, they are all that a criminal sometimes needs to use your cash or credit.
Or your private information. Since the last four digits of your SSN are used as a de facto password, they’re all hackers need to get access to your accounts. Increasingly, it’s the last four digits of your credit card that are becoming your password, as Mat Honan discovered recently. Amazon didn’t treat the last four digits of the credit card as securely as they should have. Hey, why should they, it’s only the last four digits, right? It didn’t help that Amazon, like Apple, makes it far too easy for strangers to add things like credit cards and emails to your account. A hacker got the last four digits of Honan’s credit card, and then went to Apple to reset his iCloud password.
Users need to be able to turn insecurity questions off. The likelihood that they’ll be used for hacking attempts needs to be taken much more seriously. Otherwise, passwords are easily bypassed. And when the insecurity questions themselves can be bypassed in favor of the even less secure billing address and last four digits of a credit card or SSN, that’s insane. At that point there really is no purpose to passwords.
In response to The last four digits of your social security number: The last four digits of your social security number are the least guessable part of your SSN.
- How Apple and Amazon Security Flaws Led to My Epic Hacking: Mat Honan
- “In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.” (Techmeme thread) (Hat tip to Arnold Kim at MacRumors)
More insecurity questions
- Insecurity questions on phones and at banks
- How important are the last four digits of your social security number? That and a high school yearbook can get a hacker your bank account.
- What is your favorite color?
- This is why I don’t like password recovery schemes that ask questions which are public knowledge.
More social security numbers
- Jim Rockford comes to identity theft
- It’s easy enough to guess an SSN, if you know the SSN of someone born at the same location and the same time.
- Insecurity questions on phones and at banks
- How important are the last four digits of your social security number? That and a high school yearbook can get a hacker your bank account.
- Tumbling to SSN privacy
- Guessing social security numbers based on the statistical analysis I talked about in “The last four digits of your social security number” now has a name: “tumbling”.
- The last four digits of your social security number
- The last four digits of your social security number are the least guessable part of your SSN.
