dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
8
share rss forum feed


anon user

@verizon.net
reply to dave

Re: What is the risk of this?

said by dave:

The lesser risk depends on how the forgot-my-password mechanism is arranged. If they give you a new password right there in exchange for questions of the mothers-maiden-name variety, it's not particularly secure: such data can be found out.

That is what they do, but they only ask for:
Social Security Number, Birth Date as MMDD and Last Name Including Suffix (Example Smith Jr)

So, how safe/risky is it - what they are doing?

Thanks

dave
Premium,MVM
join:2000-05-04
not in ohio
kudos:8
Reviews:
·Verizon FiOS

1 recommendation

They want your social security number - what could possibly go wrong with that?

I now suspect this might be a troll. Apologies if I'm accusing you unjustly - but really, do you have to ask about using your social security number as identification? (Unless, perhaps, this is some financial web site where they have that data anyway; but you're not giving a lot of detail, which helps me suspect trolling).


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless
said by dave:

I now suspect this might be a troll.

The OP could post the site address to prove otherwise but I'm doubting the site exists.


anon user

@verizon.net
said by Snowy:

said by dave:

I now suspect this might be a troll.

The OP could post the site address to prove otherwise but I'm doubting the site exists.

It is at »ws1.aholdusa.com/jgpromos/homeac···dex.html

I can not for security reasons tell you the answers to the security questions OR give to you my account info so that you can verify, once logged in you can not change the password.


Snowy_One

@clearwire-wmx.net
My apologies for doubting you.
As dave See Profile mentioned earlier if the challenge question answers consist of data the site already has then it's not the huge issue it would normally be seen as.

However, exchanging a password for only the challenge question answers is not too sharp, actually it's piss poor security, IMO.

Snowy-not-logged-in


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
reply to anon user
said by anon user :

...That is what they do, but they only ask for: Social Security Number, Birth Date as MMDD and Last Name Including Suffix (Example Smith Jr)
So, how safe/risky is it - what they are doing?

Are you an employee of the organization? That is, is this an access portal into the company network?
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
said by Blackbird:

said by anon user :

...That is what they do, but they only ask for: Social Security Number, Birth Date as MMDD and Last Name Including Suffix (Example Smith Jr)
So, how safe/risky is it - what they are doing?

Are you an employee of the organization? That is, is this an access portal into the company network?

My company used the full 9 digit SSN to validate initial signups to an internet based benefits portal. I think saner heads prevailed.
--
* seek help if having trouble coping
--Standard disclaimers apply.--


Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
Reviews:
·Frontier Communi..
said by AVD:

said by Blackbird:

said by anon user :

...That is what they do, but they only ask for: Social Security Number, Birth Date as MMDD and Last Name Including Suffix (Example Smith Jr)
So, how safe/risky is it - what they are doing?

Are you an employee of the organization? That is, is this an access portal into the company network?

My company used the full 9 digit SSN to validate initial signups to an internet based benefits portal. I think saner heads prevailed.

An organization I once was part of used SSNs for their employee ID numbers... and then put those numbers on the face of the badges. Ditto for this state using the SSN for your driver's license ID number. It wasn't until there was movement in Congress to assert the privacy of SSNs that such practices faded away. But until Congress moved, no amount of rhetoric could persuade the organization or the state to change their practices. Using a SSN for ID over the Internet is just plain wrong.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


AVD
Respice, Adspice, Prospice
Premium
join:2003-02-06
Onion, NJ
kudos:1
said by Blackbird:

It wasn't until there was movement in Congress to assert the privacy of SSNs that such practices faded away. But until Congress moved, no amount of rhetoric could persuade the organization or the state to change their practices.

it sorta happened overnight, except for the example I cited which happened about 3 years ago.
--
* seek help if having trouble coping
--Standard disclaimers apply.--


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless

1 recommendation

said by AVD:

said by Blackbird:

It wasn't until there was movement in Congress to assert the privacy of SSNs that such practices faded away. But until Congress moved, no amount of rhetoric could persuade the organization or the state to change their practices.

it sorta happened overnight, except for the example I cited which happened about 3 years ago.

I can make a calculated guess @ what you were eating that day.
I'd even say how many slices you had but with much less certainty.