one inch frame
the personal site of eric a. Farris

SSN makes a horrible authentication token

I’ve long hated the use of Social Security Numbers for authentication. They are not arbitrary (the leading digits were assigned by the state and roughly by the date of issuance), they provide no identification (the card is just your name and a number on blue paper, with nothing that ties it to the person holding it), and, as it turns out, they can be guessed with surprising accuracy. A paper (Abstract)(PDF) published in the Proceedings of the National Academy of Sciences by researchers from Carnegie Mellon University explains how the authors deduced candidate SSNs from publicly available information, chiefly birth date and birth state: the full nine-digit number for roughly 8% of individuals within 1,000 tries, and the first five digits with up to 44% accuracy in other tests. The alarming thing is that an American’s SSN is used both as proof of identity and as an authentication token, and a value that has to be handed to every office that wants to look you up cannot also stay secret. I memorized my SSN because I needed it in college, for just about everything. You’d walk into an office, say, Financial Aid, and they’d ask you your SSN to look you up. In many cases, that’s all the authentication I needed, rattling off a nine-digit number that was tied to my birth location. It shouldn’t take a paper like this to show what a terrible system this is, but maybe this new revelation will help institutions look to some other option for a global identification/authentication token.

Me, I suggest we all have an X.509 certificate (the kind OpenSSL generates), signed by the US Government, with its private key carried on either a USB key or some single-purpose token like a YubiKey. The certificate serves as the identification token; the private key, unlocked by a passphrase (or some biometric), does the authenticating, because only the key holder can sign a challenge that verifies against the certificate. In this way, we could have a universal means of providing two-factor authentication for any purpose: something we have (the key on the token) and something we know (the passphrase). Unlike an SSN, the secret never leaves the token; an office only ever sees the certificate and a signature over its own fresh challenge, so a breach at one office leaks nothing that can be replayed at the next. We will always have the problem of weak passphrases, but I suspect a passphrase guarding a hardware key will be a step up from the very weak system we have now, the Social Security Number.

A global, signed certificate would also allow for encryption whenever we need it. Email can be sent securely, that’s well known, but it’s not in wide use because of competing standards (S/MIME and OpenPGP) and the high barrier to entry: you need a key pair, a certificate somebody else trusts, and a mail client that handles both. If everyone had a cert, and everyone used it for all sorts of things, mail clients would be far more likely to implement such a system, and we could easily communicate securely with anyone else electronically, both by preventing eavesdropping and by assuring some factor of identification. Email could be both encrypted, so that only the intended recipients (the holders of the certificates it was encrypted to) can read the message, and signed, so that recipients can verify that the message came from the certificate holder it names and was not altered in transit. One caveat: a signature proves which key signed, not who was at the keyboard, so a lost token or a leaked passphrase has to be revocable as quickly as the certificate was issued.
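The two previous paragraphs describe a scheme; the script below is an added example, not code from the original post, that runs the whole thing with the openssl command line: a stand-in "government" root CA issues each citizen a certificate, the Financial Aid office authenticates a citizen by challenge-response (fresh nonce, signature with the passphrase-unlocked key, chain check to the root), and the same certificates sign and encrypt an S/MIME message. Everything in it is constructed for illustration: the CA and citizen names, the passphrases, the message text, and the use of a passphrase-encrypted key file where a real deployment would keep the key in a YubiKey or smartcard.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes only the openssl CLI.
# A file key encrypted under a passphrase stands in for a hardware token.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
ALICE_PASS='correct horse battery staple'   # "something you know"
BOB_PASS='tr0ub4dor&3'

# 1. Root CA: the government signer every relying party trusts.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -subj '/C=US/O=Example Government/CN=Example Citizen Root CA' \
    -keyout "$WORK/ca.key" -out "$WORK/ca.crt" 2>/dev/null
}

# 2. issue <name> <passphrase>: passphrase-encrypted private key ("something
#    you have") plus a CA-signed certificate binding the public key to the name.
issue() {
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -aes-256-cbc -pass "pass:$2" -out "$WORK/$1.key" 2>/dev/null &&
  openssl req -new -key "$WORK/$1.key" -passin "pass:$2" \
    -subj "/C=US/O=Example Citizen/CN=$1" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" \
    -CAcreateserial -days 365 -out "$WORK/$1.crt" 2>/dev/null
}

# 3. Challenge-response login. The office sends a fresh nonce; the citizen
#    signs it with the key the passphrase unlocks; the office checks that the
#    certificate chains to the root and that the signature verifies under it.
challenge() { openssl rand -hex 32 > "$WORK/nonce"; }
respond() { # respond <name> <passphrase>
  openssl dgst -sha256 -sign "$WORK/$1.key" -passin "pass:$2" \
    -out "$WORK/nonce.sig" "$WORK/nonce" 2>/dev/null
}
verify_response() { # verify_response <name>; 0 = signature and chain are good
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1 &&
  openssl x509 -in "$WORK/$1.crt" -pubkey -noout > "$WORK/$1.pub" &&
  openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/nonce.sig" \
    "$WORK/nonce" >/dev/null 2>&1
}
authenticate() { # authenticate <name> <passphrase>; 0 = login accepted
  challenge && respond "$1" "$2" && verify_response "$1"
}
# A signature captured from an earlier login must fail against a new nonce:
# the nonce, not the SSN-style shared secret, is what each office sees.
replay_rejected() {
  challenge && respond alice "$ALICE_PASS" && challenge && ! verify_response alice
}

# 4. Mail: the sender signs (origin + integrity), then encrypts to the
#    recipient's certificate (confidentiality), using S/MIME via openssl cms.
send_mail() { # send_mail <from> <from-pass> <to>; writes $WORK/mail.enc
  printf 'Subject: aid decision\n\nYour award letter is attached.\n' > "$WORK/body.txt"
  openssl cms -sign -in "$WORK/body.txt" -signer "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -passin "pass:$2" -out "$WORK/mail.signed" 2>/dev/null &&
  openssl cms -encrypt -aes256 -in "$WORK/mail.signed" -out "$WORK/mail.enc" \
    "$WORK/$3.crt" 2>/dev/null
}
read_mail() { # read_mail <to> <to-pass> <expected-from>; decrypt, verify, check signer
  openssl cms -decrypt -in "$WORK/mail.enc" -recip "$WORK/$1.crt" \
    -inkey "$WORK/$1.key" -passin "pass:$2" -out "$WORK/mail.rx" 2>/dev/null &&
  openssl cms -verify -in "$WORK/mail.rx" -CAfile "$WORK/ca.crt" \
    -signer "$WORK/signer.crt" -out "$WORK/body.rx" 2>/dev/null &&
  openssl x509 -in "$WORK/signer.crt" -noout -subject | grep -q "CN *= *$3\$" &&
  grep -q 'award letter' "$WORK/body.rx"
}

# Demo run: issue two citizens, log alice in, then send her signed mail to bob.
make_ca && issue alice "$ALICE_PASS" && issue bob "$BOB_PASS"
authenticate alice "$ALICE_PASS" && echo "alice: login accepted"
authenticate alice 'wrong passphrase' || echo "alice with wrong passphrase: rejected"
replay_rejected && echo "replayed signature against a fresh nonce: rejected"
send_mail alice "$ALICE_PASS" bob && read_mail bob "$BOB_PASS" alice \
  && echo "bob: decrypted, signer verified as alice under the root CA"
```

The point to notice is where the secret lives: the office stores nothing but a public certificate and a one-time nonce, so the database that used to hold everyone's SSN now holds nothing worth stealing, and the wrong-passphrase and replay cases fail at the office without any secret having been transmitted.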
