ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    If there has been a breach.

    Scheduled Pinned Locked Moved Water Closet
    15 Posts 5 Posters 932 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • popesterP
      popester @Dashrender
      last edited by

      @Dashrender truth. I was cleaning out the garage this weekend and found my University of North Texas student ID. Lookey there, my student number is my SS number.

      1 Reply Last reply Reply Quote 0
      • DashrenderD
        Dashrender
        last edited by

        Now a DL can change every time you get a new one, so that's a little safer. But any string you have to provide over and over again as a verification of identity just make it less and less secure. No different than using the same CC number everywhere.

        There are definitely modern solutions. Some countries have created a public/private key pair through a card for their citizens. This would be significantly more secure, as long as the issuing provider doesn't have your private key backed up. 😉

        popesterP 1 Reply Last reply Reply Quote 0
        • popesterP
          popester @Dashrender
          last edited by

          @Dashrender That is what I was kind of thinking about. Something like a State Yubikey similar to the chips that are now on credit cards. At least make it harder for the thieves to profit.

          1 Reply Last reply Reply Quote 0
          • scottalanmillerS
            scottalanmiller @popester
            last edited by

            @popester said in If there has been a breach.:

            My line of thinking is that if your personal information ie. Social Security number Drivers License number have been scooped up in a security breach. That the information on these items is "forever" compromised. Am I correct?

            Yup

            1 Reply Last reply Reply Quote 0
            • scottalanmillerS
              scottalanmiller @Dashrender
              last edited by

              @Dashrender said in If there has been a breach.:

              Pretty much, which makes them horrible 'private' pieces of information.

              Which, neither is. Both are public non-ID items. The issue is random people choosing to avoid using an ID and is effectively a scam.

              DashrenderD 1 Reply Last reply Reply Quote 0
              • DashrenderD
                Dashrender @scottalanmiller
                last edited by

                @scottalanmiller said in If there has been a breach.:

                @Dashrender said in If there has been a breach.:

                Pretty much, which makes them horrible 'private' pieces of information.

                Which, neither is. Both are public non-ID items. The issue is random people choosing to avoid using an ID and is effectively a scam.

                Well, we'd like to say they aren't IDs, but the SSN has definitely become a defacto ID. You can hardly do anything without it - you can't get a job with it, they must report to the IRS using it, you can't get credit without it - the credit agencies only use that as a verifier of your identity, etc.

                JaredBuschJ scottalanmillerS 2 Replies Last reply Reply Quote 0
                • JaredBuschJ
                  JaredBusch @Dashrender
                  last edited by

                  @Dashrender said in If there has been a breach.:

                  you can't get a job with it, they must report to the IRS using it

                  Umm, that is why it exists...

                  1 Reply Last reply Reply Quote 0
                  • CloudKnightC
                    CloudKnight
                    last edited by

                    similar subject has been brought up in the UK recently. The government wanted all porn sites to use a central ID checking scheme where access will only be provided using a driving licence or passport etc. Privacy groups mentioned it would be too risky if the private information was ever leaked. This has kind of been stalled now as it was also mentioned that DNS will be encrypted by most browsers soon.

                    DashrenderD 1 Reply Last reply Reply Quote 0
                    • DashrenderD
                      Dashrender @CloudKnight
                      last edited by

                      @StuartJordan said in If there has been a breach.:

                      similar subject has been brought up in the UK recently. The government wanted all porn sites to use a central ID checking scheme where access will only be provided using a driving licence or passport etc. Privacy groups mentioned it would be too risky if the private information was ever leaked. This has kind of been stalled now as it was also mentioned that DNS will be encrypted by most browsers soon.

                      If what information was leaked? the DL or central ID?

                      The reality is we can't really function well without some form of central ID - hence the huge use of the SSN in the USA.
                      Though I wonder - is there any kind of check between the SSN use at a creditor and the actual on file name for the assigned SSN at SS? I'm guessing not, so the initial trust is just that - simple trust.

                      CloudKnightC scottalanmillerS 2 Replies Last reply Reply Quote 0
                      • CloudKnightC
                        CloudKnight @Dashrender
                        last edited by

                        @Dashrender If the DL or passport was leaked. The main 2 forms of ID accepted in the UK.

                        1 Reply Last reply Reply Quote 0
                        • CloudKnightC
                          CloudKnight
                          last edited by

                          Another alternative they were thinking about is going to your local newsagents/shop and showing your ID there and then given a unique authorisation code to be entered online. I though both ideas were completely stupid considering a lot of people now use VPNs in the UK.

                          1 Reply Last reply Reply Quote 0
                          • scottalanmillerS
                            scottalanmiller @Dashrender
                            last edited by

                            @Dashrender said in If there has been a breach.:

                            @StuartJordan said in If there has been a breach.:

                            similar subject has been brought up in the UK recently. The government wanted all porn sites to use a central ID checking scheme where access will only be provided using a driving licence or passport etc. Privacy groups mentioned it would be too risky if the private information was ever leaked. This has kind of been stalled now as it was also mentioned that DNS will be encrypted by most browsers soon.

                            If what information was leaked? the DL or central ID?

                            The reality is we can't really function well without some form of central ID - hence the huge use of the SSN in the USA.
                            Though I wonder - is there any kind of check between the SSN use at a creditor and the actual on file name for the assigned SSN at SS? I'm guessing not, so the initial trust is just that - simple trust.

                            Yes, the entire system is just "someone claims it to be true." The system is so flimsy that it is little different than using peoples' names as IDs.

                            The real issue isn't using these things as IDs, although that doesn't work, but going a step further and claiming that an ID is also authentication. That's the real issue.

                            It's the same as stating that a username is good enough and no password is needed. And forcing the username to be a one time numeric value, issued possibly sequentially, that is not unique, and is public.

                            1 Reply Last reply Reply Quote 1
                            • scottalanmillerS
                              scottalanmiller @Dashrender
                              last edited by

                              @Dashrender said in If there has been a breach.:

                              @scottalanmiller said in If there has been a breach.:

                              @Dashrender said in If there has been a breach.:

                              Pretty much, which makes them horrible 'private' pieces of information.

                              Which, neither is. Both are public non-ID items. The issue is random people choosing to avoid using an ID and is effectively a scam.

                              Well, we'd like to say they aren't IDs, but the SSN has definitely become a defacto ID. You can hardly do anything without it - you can't get a job with it, they must report to the IRS using it, you can't get credit without it - the credit agencies only use that as a verifier of your identity, etc.

                              Yes, but it is not an ID in those cases. It's an extra part tied to your other information that together form an ID. SS on its own in not unique, so doesn't identify you.

                              You have to have one, and you have to have the right one, but knowing one doesn't prove the slightest thing to the IRS.

                              Credit agencies make up something unrelated in association with it.

                              1 Reply Last reply Reply Quote 0
                              • 1 / 1
                              • First post
                                Last post