We still have to pretend SSNs are private until both law and common practice change. I expect that to be “functionally never”. Maybe within our lifetimes. Maybe.
My SSN is out there several times over at this point, thanks to breaches at phone companies, insurance companies, CRAs, ISPs, and the rest. I stopped tracking breaches that included the kind of info you’d need to impersonate me, about six years ago. The list was long and it seemed to be a pointless exercise by then.
I also have a mixed credit file with all major CRAs because of more than one person with the same name I have, one of whom lived in the same area.
Even if I didn’t have freezes everywhere, over the phone KBAs stopped working years ago even with my SSN.
The most American approach would be for SSNs to become a de facto universal ID number that you have to give everywhere, while still continuing to function as an unchangeable password to all your most important things.
My SSN is out there several times over at this point, thanks to breaches at phone companies, insurance companies, CRAs, ISPs, and the rest. I stopped tracking breaches that included the kind of info you’d need to impersonate me, about six years ago. The list was long and it seemed to be a pointless exercise by then.
I also have a mixed credit file with all major CRAs because of more than one person with the same name I have, one of whom lived in the same area.
Even if I didn’t have freezes everywhere, over the phone KBAs stopped working years ago even with my SSN.