Predicting Social Security Numbers from Public Data

we only used publicly available information, and ended up discovering, based on that information, that the randomness [used in assigning SSNs] is effectively so low that the entire 9 digits of an SSN can be predicted with a limited number of attempts. -- Alessandro Acquisti and Ralph Gross of Heinz College, Carnegie Mellon University.
One lesson we can draw is that what was once thought to be secure (or secure enough) is no longer secure (or no longer secure enough). The other lesson is that we need to focus on mitigating the risks created by the types of fraudulent transactions that are often based on easy-to-obtain credentials like SSNs (see Bruce Schneier's article in Forbes).

Src: Predicting Social Security Numbers from Public Data - FAQ
