Mat Honan should read Mimsy

Jerry Stratton, August 7, 2012

In “The last four digits of your social security number,” I wrote:

There is a sense in which this entire discussion is irrelevant: because the last four numbers of your SSN are what businesses ask for, they are all that a criminal sometimes needs to use your cash or credit.

Or your private information. Since the last four digits of your SSN are used as a de facto password, they’re all hackers need to get access to your accounts. Increasingly, it’s the last four digits of your credit card that are becoming your password, as Mat Honan discovered recently. Amazon didn’t treat the last four digits of the credit card as securely as they should have. Hey, why should they? It’s only the last four digits, right? It didn’t help that Amazon, like Apple, makes it far too easy for strangers to add things like credit cards and emails to your account. A hacker got Honan’s last four credit card digits, and then went to Apple to reset Honan’s iCloud password.

It needs to be possible to turn insecurity questions off. The likelihood that they’ll be used for hacking attempts needs to be taken much more seriously. Otherwise, passwords are easily bypassed. And when the insecurity questions themselves can be bypassed in favor of the even less secure billing address and last four digits of a credit card or SSN, that’s insane. At that point there really is no purpose to passwords.

In response to “The last four digits of your social security number”: The last four digits of your social security number are the least guessable part of your SSN.

