[wonderlust]

Social security number is step 1? Then you likely have bigger problems then your gmail. If your in a position that this actually is a big problem, get a private email server and gpg.

[wildmusings]

You can buy lists of Social Security numbers online. You give it to dozens of people and companies in your life, and thousands more have access to it afterward.

[wonderlust]

And with it you can steal an identity.

[felisml]

Because countless companies are stupid and treat it as authentication.

It's a password that you reuse everywhere and never change.

[eru]

By the way, you _can_ change your SSN. Nobody ever bothers to do so, though.

[nommm-nommm]

Only under certain circumstances.

"The SSA may assign a new Social Security numberto you if you are being harassed, abused, or are in grave danger when using the original number, or if you can prove that someone has stolen your number and is using it."

[Meekro]

You're right that many things are insecure. Of all the services people use on a daily basis, Gmail is probably among the best-defended. It still has security problems, though, and I want it to get better and not use the lack of quality competitors as an excuse to stop improving.

Unfortunately, maintaining and securing a private email server can be a big job. Google already does that job, and their data centers are much more secure than the VPS provider where you'll host your private email server.

All I'm asking for -- and I don't think this is unreasonable -- is to rely on their world-class technical security, while being able to disable all password recovery methods, which are vulnerable to social engineering.