Identity theft is a $50 billion problem, and the habits of citizens can sometimes make them targets for identity theft. A recent article highlighting that the very sensitive Social Security Number is crackable, that is predictable at an increasing rate made me reflect on my own habits and practices and put me in a sharing mood.
The algorithm developed by computer scientists at Carnegie-Mellon University was able to correctly predict the SSN for Americans born after 1988 for 8.5% of targets in less than 1,000 attempts. That’s an alarming prospect involving trivial computational resources.
Of course victims don’t deserve to have their identities stolen. But their online activities does impact their ability to be safe.
For example, the other day a social networking site that I was contemplating joining asked me to provide my birthdate information. I ignored the request and was told it was mandatory. Too bad and I left.
FaceBook allows users to post their birthdates for friends to see. Of course, we all love getting attention on our birthdays, but since it is a big site and acts as a big target for hackers, getting that database of birthday information is worth a great deal of effort.
A friend in New Jersey signed up to a birthday registration site and asked me to do the same so both he and I could exchange automated email birthday wishes in some kind of grand calendar. I refused. Even though I like to birthday greetings (my half-life is coming due soon) like anybody else, I don’t like to share it online because I am concerned about the risk of theft and abuse. Surely if the nations largest retailers are routinely hacked for credit card information, a crummy birthdate calendaring site is not only a softer target but they’re not likely to do anything about it when they discover the hack… and neither are the victims.
So what can you do if you know where someone lives and their birthdate?
With the rise in phishing attacks masquerading as banking sites, ebay or paypal sites, users can be duped into providing other sensitive personal information like mother’s maiden names that further takes down one more layer in the wall of security around any one person, like the brick game, shown here for Pocket PC.
So, if someone can predict your SSN, and someone else can find your birthday, and someone else can find out your address…. Isn’t that a recipe for disaster?
Stop the gathering, publishing and promoting of birthdates on line. Keep this a personal, human-to-human thing.
Create a service that discovers and reports what the web knows about you. I like the idea of reports that are more personal than the web reputation services I’ve seen for brand reputation management services. Downside of course, is that you can find out information about people who aren’t you. Could be useful in tracking down deadbeat dads that owe child support payments.