« Their Capers' Public Fields | Main | Economics of Net Neutrality »

May 23, 2006



SSNs make bad keys as well. They lack a check digit, they're externally controlled, and they're likely to be re-used for other purposes. Much better to have a locally generated key than an SSN.


I agree that the issue is to find a good authenticator. I agree that if your only issue is to identify someone uniquely in your own database, you can generate any kind of ID you want and use that as a key -- and that those are two different things.

I'm not sure how a cert would be any better as an authenticator than an SSN, though. It would still have to be portable for the user, which means it could be swiped and copied. It sounds like some companies are limping along with a whole bunch of weaker authentication factors, hoping that the combination will create a minimally trustable authentication.

Take your experience with the rental car company. They authenticated you informally by having a person talk to you on the phone and somehow come to the conclusion that you were probably legit. Then they authenticated you by establishing that the email address you gave them could send and receive mails, and that it was associated somehow with the voice at the other end of the phone, which claimed to be associated with that rental car entry in their database.

And that's just a company that doesn't really NEED to authenticate you, as long as your money's good.

The problem is that in a lot of cases, an individual needs to be able to authenticate himself to multiple entities, and some of those entities may need to be able to track that individual and establish that they're talking about the right one when they talk to each other about him. Do they get to pass the individual's cert along to match him up?

What you keep coming back to is a requirement for a unique, universal authentication factor.

So walk me through this, guys. Tell me, for example, how Juan Gonzalez is supposed to register at a new school and prove that he was the same one who previously attended a school in another district so that he can get his course credits. Tell me how both schools authenticate him AND identify him uniquely so that they can transfer the transcripts. Now tell me how they authenticate his immunization records so that he can attend the school.

(I won't even stack the deck by pointing out that a lot of students attend under made-up SSNs if they aren't legal residents.)

Seriously, help me out here, guys, because these are the kinds of problems I deal with every day. I agree that we have to ditch the SSN precisely because of its use as an authenticator for financial transactions. If there is no financial gain from stealing an authenticator, then it won't be as valuable and maybe we can use it longer. So tell me how we split these off, and how this is supposed to work with a cert.

The comments to this entry are closed.

My Photo

Risk Reading

Blog powered by Typepad