Password = Last 4 Digits of Your SSN = No Protection at All
by Ziptr
WARNING: if you care about protecting your clients’ data, this is not a good solution.
Over the last year, we’ve spoken to hundreds of small business professionals who want to protect their reputation and safeguard their clients’ information. When describing how they do this today, often the response is:
“We send out password protected PDFs” or
“We create a portal login for the user and tell them their password.”
To which we ask, “Is the password the last four digits of their social security number?”
The reply… without fail… in 100% of the cases, is “Yes.”
This is a problem. The first concern is that a four-digit numeric password has only 10,000 possible combinations, which translates to about 13-14 bits of security, which the technical people at Ziptr tell me is essentially zero. This means that if someone really wants to access the document, it could be done in as little as one hour.
Plus, once you have the last 4 digits of a social security number and combine it with information available about you online, you essentially have the keys to your identity. The first digits of your social security number represent information like where you were born and in what year. Now, look at your Facebook profile page. Slate covered this back in 2009 when 2 Carnegie Mellon professors uncovered a code for cracking SSNs.
Your social security number is not as private as you may think. Some states used SSNs as Driver’s License numbers until a federal law prohibited this as recently as December 2005. Furthermore, countless organizations have your social security number: your school, bank, employer, insurance company, lawyer, doctor, and credit card company. As 2011 headlines remind us, even the most trusted organizations can fall victim to data breach.
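As an added example (not Ziptr's code), here is a check a portal or document workflow could run before accepting a shared secret: it bounds the keyspace described above and rejects any secret that is simply the trailing digits of an identifier already on file. The function names, the 64-bit minimum and the sample record are assumptions made for illustration.

```python
import math

def keyspace_bits(alphabet: int, length: int) -> float:
    """Upper bound on entropy: bits needed to index every string of this shape."""
    return length * math.log2(alphabet) if alphabet > 1 else 0.0

def hours_to_exhaust(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return alphabet ** length / guesses_per_second / 3600

def alphabet_size(secret: str) -> int:
    """Size of the character classes the secret draws from (printable ASCII)."""
    size = 0
    if any(c.isdigit() for c in secret):
        size += 10
    if any(c.islower() for c in secret):
        size += 26
    if any(c.isupper() for c in secret):
        size += 26
    if any(not c.isalnum() for c in secret):
        size += 33  # punctuation plus space
    return size

def audit_secret(secret: str, identifiers_on_file: dict, min_bits: float = 64.0) -> list:
    """Return the reasons to reject `secret`; an empty list means it passes.

    min_bits is an assumed policy threshold, not a figure from the article.
    """
    reasons = []
    bits = keyspace_bits(alphabet_size(secret), len(secret))
    if bits < min_bits:
        reasons.append(f"keyspace is at most {bits:.1f} bits (minimum {min_bits:.0f})")
    for name, value in identifiers_on_file.items():
        digits = "".join(c for c in value if c.isdigit())
        # A secret taken from an identifier that many organizations hold is not a secret.
        if secret.isdigit() and digits.endswith(secret):
            reasons.append(f"matches trailing digits of {name}")
    return reasons

if __name__ == "__main__":
    record = {"ssn": "000-00-1234"}  # constructed sample, not a real SSN
    for candidate in ("1234", "t7#Qm2vL9x!Rk4pZ"):  # constructed samples
        print(candidate, "->", audit_secret(candidate, record) or "ok")
    # 10,000 candidates in one hour is under three guesses per second.
    print(f"{hours_to_exhaust(10, 4, 10_000 / 3600):.1f} h at ~2.8 guesses/s")
```

The character-class estimate is an upper bound that assumes the secret was chosen at random, so a passing result does not by itself mean the secret is strong.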
Another concern with this approach is that email is not secure. Every system that processes an email receives a copy of the content. There are multiple points of vulnerability from the email server to the ISP to the designated recipient, even if it leaves your system encrypted. Email is often accessible anywhere – on a mobile device, work computer, hotel computer or your laptop. Once on a system and downloaded, this information is exposed to anyone who gains physical or virtual access to that machine. One of our founders, Firdaus, recently used a hotel lobby computer to check in for a flight – out of curiosity, he opened the download folder and found countless personal documents from previous users: bank statements, tax documents and even a scanned passport.
This is why people passionate about security use Ziptr for safe online communication. With one simple solution, you can protect and share even the most private information. Ziptr is more than a file sharing site or simple online storage. Ziptr is a private communication network where everything from the content of your message to the files you attach is automatically backed up, synchronized across your devices and encrypted end-to-end.