http://reagle.org/joseph/blog/social/applebank-ssn Joseph Reagle http://reagle.org/joseph/blog/social/applebank-ssn Copyright 2003-2010 Joseph Reagle PyBlosxom http://pyblosxom.sourceforge.net/ 1.4.3 01/10/2008 2004-02-18T18:02:36Z http://reagle.org/joseph/blog/2004/02/18/applebank-ssn 2004-02-18T18:02:36Z 2004-02-18T18:02:36Z <p>If you need further evidence as to why using a Social Security Number (SSN) for identification <a href="http://reagle.org/joseph/blog/career/nyu-ssn-request">is a bad idea</a> consider this new story from real life. <a href="http://www.theapplebank.com/">AppleBank</a> recently launched its on-line banking service. In order to sign up for the on-line service I have to provide my SSN and telephone pin number. While I thought my pin number might be the last four digits of my SSN, I didn't even bother trying it: "That would be insanely insecure. I'll call during business hours and figure it out." </p> <p>I've just got off the phone and I was - sadly - right, the only thing you need to access an AppleBank on-line account that has not yet been activated is the person's SSN! When I said this to the customer service representative she responded, "That's the way it's set up." I'm just glad I changed my password before someone less scrupulous figures this out: god help you if you are a <a href="http://reagle.org/joseph/blog/career/nyu-ssn-request">NYU student</a> with an <a href="http://www.theapplebank.com/">AppleBank</a> account.</p> <p></p>