Skip to main content

Social Security Security

Posted by Julia

In the News

Recent incidents like the Equifax hack have many security specialists questioning whether social security numbers (SSNs) can ever truly be a secure way to identify citizens. Senators push to ditch Social Security numbers in light of Equifax hack by Taylor Hatmaker discusses the argument for replacing static identifiers such as SSNs with a more secure and fluid signifier of identity. For example, nations such as Brazil have successfully implemented a system of renewable certificates that can be easily revoked or reissued to further improve the security of its people’s identity in the case of a breach.

Our Take

In this age of constant breaches, any piece of information that cannot be changed and that acts as a unique identifier for a person or account poses a security risk. Shouldn’t our government-provisioned identity be at least as secure as the average credit card?

Replacing SSNs with a revocable identifier is one way to solve this problem. Another is to require multi-factor authentication any time that that identifier is used:  every time someone tried to use your SSN to open or change an account, you might receive a call, text, or push notification on your phone requiring you to confirm it. Much like the multi-factor authentication used at Northwestern, this would help ensure that your information and financial accounts remained yours by forcing identity thieves to compromise not only your ID, but also your phone, PIN numbers, and other information that is not stored with your SSN. And because you receive a notification, you would be aware that your SSN had been compromised BEFORE any damage could be done, allowing you to report and handle the compromise with no damage to your credit or identity.

Recommendations

Since the infrastructure behind SSNs is not in our control, the most we can do is follow best practices in avoiding identity theft:

  • Be cautious of who is asking for you SSN and why–most of the time, you are not legally required to share it
  • Don’t send your SSN through email attachments or share it on unsolicited phone calls
  • Be sure to shred any documents that contain your SSN
  • Where possible, place a freeze on your credit with all three credit unions, only unfreezing when you anticipate a credit pull for a new asset or account; this is another way to receive notification that your SSN has been compromised without it damaging your standing
  • Submit your taxes well before the deadline:  the earlier you submit, the less time someone has to attempt to claim refunds using your identity