July 06, 2009
Threat To Personal Identity Numbers Highlighted

CMU researchers find it too easy to figure out US national identity numbers of individuals.

The nation’s Social Security numbering system has left millions of citizens vulnerable to privacy breaches, according to researchers at Carnegie Mellon University, who for the first time have used statistical techniques to predict Social Security numbers solely from an individual’s date and location of birth.

I have become a lot more wary about publishing info about details of my identity. I don't put my birth date on Facebook and similar venues just because I want to reduce my risks of identity theft.

Online instant credit card application forms make it easier to confirm a guessed Social Security number.

“A botnet can be programmed to try variations of a Social Security number to apply for an instant credit card,” Acquisti said. “In 60 seconds, these services tell you whether you are approved or not, so they can be abused to tell whether you’ve hit the right social security number.”
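The abuse Acquisti describes leaves a trace on the lender's side: one name and date of birth submitted with many different Social Security numbers in a short span. As an added example (not code from the post or from the CMU researchers), here is a detection check in Python over constructed log lines from a hypothetical instant-credit application service; the log format, field names and thresholds are assumptions, and the SSNs are the advertising-only numbers the SSA reserves, so none is real.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log lines from a hypothetical instant-credit application service:
# timestamp, source IP, applicant name, date of birth, SSN, decision.
# (987-65-4320..4329 are the SSA's advertising-only numbers, so none is real.)
SAMPLE_LOG = """\
2009-07-06T10:00:01 198.51.100.7 Jane Doe 1985-03-14 987-65-4320 DECLINED
2009-07-06T10:00:09 198.51.100.7 Jane Doe 1985-03-14 987-65-4321 DECLINED
2009-07-06T10:00:18 203.0.113.22 Jane Doe 1985-03-14 987-65-4322 DECLINED
2009-07-06T10:00:27 203.0.113.40 Jane Doe 1985-03-14 987-65-4323 DECLINED
2009-07-06T10:00:36 198.51.100.9 Jane Doe 1985-03-14 987-65-4324 APPROVED
2009-07-06T11:15:00 192.0.2.5 John Roe 1970-11-02 987-65-4329 APPROVED
2009-07-06T11:40:00 192.0.2.5 John Roe 1970-11-02 987-65-4329 DECLINED
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) (?P<name>.+?) (?P<dob>\d{4}-\d{2}-\d{2}) "
                     r"(?P<ssn>\d{3}-\d{2}-\d{4}) (?P<decision>APPROVED|DECLINED)$")

def parse_log(text):
    """Turn matching lines into dicts with a datetime timestamp; skip the rest."""
    records = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        records.append(rec)
    return records

def find_ssn_enumeration(records, window=timedelta(minutes=10), min_distinct=3):
    """Alert when one identity (name + DOB) is submitted with several different SSNs
    inside one window. Keying on identity, not source IP, so bots spread across IPs still trip it."""
    by_identity = defaultdict(list)
    for rec in records:
        by_identity[(rec["name"], rec["dob"])].append(rec)
    alerts = []
    for (name, dob), recs in by_identity.items():
        recs.sort(key=lambda r: r["ts"])
        for i, first in enumerate(recs):
            hits = [r for r in recs[i:] if r["ts"] - first["ts"] <= window]
            ssns = {r["ssn"] for r in hits}
            if len(ssns) >= min_distinct:
                # Guesses differing only in the last four digits show a search already narrowed.
                alerts.append({"name": name, "dob": dob, "distinct_ssns": len(ssns),
                               "same_prefix": len({s[:6] for s in ssns}) == 1,
                               "source_ips": len({r["ip"] for r in hits}),
                               "approved": any(r["decision"] == "APPROVED" for r in hits)})
                break  # one alert per identity is enough
    return alerts
```

An approved application inside such a burst is the case that matters most, since it means the guess landed; the repeat John Roe submission with one unchanged SSN does not trigger the check.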

I get annoyed at financial institutions that use too few standard password-recovery questions, and that use questions whose answers are too easy for others to figure out from public sources. Plus, asking for a person's favorite pet's name is dumb for two reasons. First off, some names are much more popular for dogs than others. Second, lots of people know the names of others' current and previous dogs.

Some online financial institutions ask for user name and password on the same page. A smaller number (including one I use that I'm not going to name) first ask for your user name and then show you a separate password form personalized to you, which does a better job of assuring you that you really are dealing with that institution. More should do this.

Also, when you are typing in a password, more financial institutions should show you a password quality measure. A few I deal with do. But most give no indication of whether your password will be easy to guess.

Doug said at July 7, 2009 9:45 AM:

Didn't know security was a topic on this blog. Good! To HAVE a future, need to defend in the present. It isn't so tough. Password software like Keepass or Roboform (or others) defeats key-loggers. Such programs should be used by anyone doing online banking or shopping, not to mention online brokerage. Good security blogs like Schneier's or SecurityFocus exist. Free software update checkers, like Secunia's, help. Be obsessive about updates. Good free firewalls and antivirus programs are out there for those who don't wish to pay for such programs. Never, never use dumb passwords! Eight random characters minimum, not words, with uppercase, lowercase, and numbers all mixed up. Can't remember one like that? Get Keepass or Roboform. A free version of Roboform is available. Fourteen-character passwords like that are presently unbreakable even by "brute force" attacks. And use the Firefox browser, not Internet Explorer. Secure your wireless at home! Read the router's manual! It doesn't hurt!

Reader said at July 7, 2009 3:35 PM:

Bank of America--hardly a financial star, but I stick with them--asks for user ID, then shows a second personalized screen for password entry. So at least one major bank has put such a system in place for online users.

tom said at December 17, 2010 9:03 AM:

All these problems can be easily fixed by using a well built data center security system that only allows access to the database to specific people, based on a series of questions, each of them with an answer predetermined by the user. The minimum number of questions asked should be around 5 for a secure login.

