Mimsy Were the Borogoves

Editorials: Where I rant to the wall about politics. And sometimes the wall rants back.

Tumbling to SSN privacy

Jerry Stratton, January 18, 2010

Being right isn’t always satisfying. In June 2006, I wrote:

Giving out the last four digits of your Social Security number makes your entire number a lot more vulnerable. Armed with a computer and an on-line authorization site that doesn’t care if an SSN is checked every day, they probably won’t have any problem finding the rest. Your only hope is that they won’t want to.

Hadley Leggett interviewed privacy researcher Alessandro Acquisti in a July 2009 article on Wired:

There’s only a few short steps between making a statistical prediction about a person’s SSN and verifying their actual number, Acquisti said. Through a process called “tumbling,” hackers can exploit instant online credit approval services—or even the Social Security Administration’s own verification database—to test multiple numbers until they find the right one.

And that was without having the last four digits. Social Security Numbers should never have been used as a combination username and password.

In response to The last four digits of your social security number: The last four digits of your social security number are the least guessable part of your SSN.

  1. Insecurity questions ->