https://techcrunch.com/2022/04/28/ssn-is-a-username-not-a-password/

A couple of weeks ago yet another of my friends was a victim of identity theft, and I got yet another deep look into how fantastically broken the U.S. can be when it comes to security. “They have my social security number,” she said, and I was reminded of how a lot of systems in the U.S. are woefully poorly designed. To wit: This morning I called my bank and was asked for the last four digits of my SSN and they somehow accepted my identity because I knew those four digits. LOLWUT? If my bank was a startup, I’d call up the chairman of the board and demand its chief security officer be fired on the spot for gross incompetence.

When I moved to the U.S. a couple of years ago, my friends made sure that I knew I had to keep my Social Security number (SSN) secret and hidden. When I started opening a bank account and set up a cell phone plan, it became obvious why: All sorts of institutions that really should know better are treating this string of numbers as a password. There’s a huge, glaring problem with that. I maintain that Equifax should receive the corporate equivalent of capital punishment for allowing this to happen, but 145 million social security numbers were stolen by hackers a few years ago, which means that the Social Security numbers — yes, the same numbers that are being treated as “passwords” — for about half the U.S. adult population are in the wind.