[jdhzzz]

Before the digital age, a stash of nine-digit numbers could be kept reasonably secure in a locked filing cabinet behind closed doors. So long as consumers volunteered the numbers judiciously, most people could make it through life without ever suffering a theft of identity.

Old guy here. The reason I know my SSN by heart is that it was my student ID number in college and had to be given at the beginning of each semester to get my course list, later for grades, etc.

I had a credit union account from the 80's and as of the 90's my SSN was printed on each monthly statement.

Both were before the "digital age" and neither could be considered "in a locked filing cabinet" nor under my control.

[ben1040]

You don't even have to be that old to remember this time.

I went to a well-known university and they used SSNs as student ID number until roughly 2001-2002. The first half of my university career, my SSN wound up on every Scantron sheet, exam blue book, and term paper I handed in. It was printed on the front of my ID, and even after they recalled old IDs and replaced them with non-SSN cards, the magstripe track data still had your SSN on it because some old dining hall POS system or something like that hadn't been converted.

It was like fish in a barrel for fraudsters, just root around in the trash after finals week and grab people's term papers. I had quite a few friends who discovered that during the time they were attending college, someone had opened a cell phone (or a credit card, in one person's case) in their name.

This was before the days of the free annual credit report law. So these folks never pulled their own files, and only discovered the fraud years after graduation, when they went to apply for a car or home loan and got denied.

[toss1]

And both were probably illegal at the time. When Social Security was created, people were concerned about it becoming a de-facto national ID system, and it was illegal to use SSNs as an ID for anything other than taxes and Social Security Biz.

Medical insurance companies commonly broke the law but skirted it by saying it was "optional", and of course not telling anyone about the option. At least several times when I applied for insurance, I filled in "Assign ID" and had to correct the first level agent who insisted that I needed to provide and SSN. Patiently insisting that they needed to escalate the call, the first higher-level agents who knew would immediately accept it.

This sort of sloppyness confusing an IDentifier with an authentication has now gotten us into a world of trouble.

[otakucode]

Heh, it actually changed while I was in college. As a CS student, one of the required courses was a 'Computers and Society' course which was basically sort of like a 'where ethics meets technology' course, talking about the social impact of code and computing. The kind of thing many people today seem to have need to attend. But anyhow, during it we mentioned 'hey, why are our student IDs, used everywhere, our SSNs? Isn't that unsafe?' and we actually ended up getting it changed.

Didn't stop some professors from continuing to use them. I had one prof who would use the last 4 digits (oh, only the last 4, those aren't the most important ones or anything) as a way to post psuedoanonymous grades after tests.