MSNBC has this story:
There’s a new reason to worry about the security of your Social Security number. Turns out, they can be guessed with relative ease.
A group of researchers at Carnegie-Mellon University say they’ve discovered patterns in the issuance of numbers that make it relatively easy to deduce the personal information using publicly available information and some basic statistical analysis.
The research could have far-ranging implications for financial institutions and other firms that rely on Social Security numbers to ward off identity theft. It could also unleash a wave of criminal imitators who will try to duplicate the research.
Details of the research were published Monday in the Proceedings of the National Academy of Sciences journal and will be explained at the annual Black Hat computer hacker convention in Las Vegas later this month.
The report means companies and other agencies should once and for all stop using Social Security numbers as passwords or unique identifiers, said Professor Alessandro Acquisti, who authored the report.
“We keep living as if they are secure, a secret,” he said. “They’re not a secret.” … . .