by SomeCallMeTim 3890 days ago
No, it's not secure information.

Any time you use last-4 as something secure, you're doing it wrong.

As mentioned above, last-4 is sent by email frequently, and email passes, unencrypted, through intermediate servers all over the Internet. Any compromised host can observe all of the email that passes through it.

Any process that uses last-4 to unlock a password or otherwise as a secure token is broken by design.

1 comment

Any time you use last-4 as something secure, you're doing it wrong.

It's not a question of what I use those digits for, it's a question of what everyone else uses them for.