by mindslight 2718 days ago
(Re)design systems so that they rightfully treat e.g. SSN as a mere database key rather than negligently imagining it some kind of shared secret. How this gets applied and the implications differ for each trust relationship.

For example, if you have a bank account at a brick-and-mortar bank (and haven't set up online access), anybody can obtain online access to that account by going to the bank's website and entering your name, social security number, and maybe the recent account balance. This is in fact the exact process a bank rep does when you open a new account if they set up that access for you, or sometimes they even tell you to go home and do this yourself! Similarly, if you forget your online banking password, you can reset it entirely online with access to your email account, making your email account more trusted than the bank account!

In actuality, your being in the bank in person is the primary trust relationship, and that needs to be leveraged for the above scenarios. So online access should only ever be set up in a branch, and perhaps password resets should even require going down there as well.

(Obviously this is just an example and does not also apply to online-only banks. As I said, the key is to stop treating quasi-public information as a shared secret.)
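The design the comment argues for, as an added example that is not part of the original post: the SSN only selects a record, and online enrollment is granted by a short-lived, single-use token that a branch rep issues after the in-person check. The account data, `issue_branch_token`, `enroll_online_weak` and `enroll_online` are all constructed for illustration; the weak variant is included only to show the pattern being criticised.

```python
import hashlib
import hmac
import secrets
import time

# Constructed in-memory "bank": the SSN is a lookup key, never proof of identity.
ACCOUNTS = {
    "123-45-6789": {"name": "Alice Example", "balance": 1042.17, "online": False},
}
# Enrollment tokens exist only because a branch rep issued one in person.
# Stored hashed, bound to one account, single-use, and expiring.
ENROLLMENTS = {}
TOKEN_TTL = 24 * 3600  # seconds; assumed policy value


def issue_branch_token(ssn, now=None):
    """In-branch workflow: returns the code the rep hands to the customer."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(16)
    digest = hashlib.sha256(token.encode()).hexdigest()
    ENROLLMENTS[digest] = {"ssn": ssn, "expires": now + TOKEN_TTL}
    return token


def enroll_online_weak(ssn, name, balance):
    """The pattern the comment criticises: quasi-public data used as a secret."""
    acct = ACCOUNTS.get(ssn)
    if acct and acct["name"] == name and abs(acct["balance"] - balance) < 0.01:
        acct["online"] = True
        return True
    return False


def enroll_online(ssn, token, now=None):
    """Hardened: SSN selects the record; only a branch-issued token grants access."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = ENROLLMENTS.get(digest)
    if entry is None or not hmac.compare_digest(entry["ssn"], ssn):
        return False  # unknown token, or token issued for a different account
    ENROLLMENTS.pop(digest)  # single use: consumed whether or not it is still valid
    if now > entry["expires"]:
        return False  # customer must return to the branch for a fresh token
    ACCOUNTS[ssn]["online"] = True
    return True
```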