[throw0101b]

> Remember when the US gov did that with a number? The SSN?

The problem is that the SSN is treated as a password when it should be treated as username.

Knowing first.last at gmail.com gives you nothing much, security-wise. Knowing I'm 123456789 at ssn.usps.com wouldn't be that much different, though given the limited search space, it would be an easy target for spammers. (Perhaps expanding from nine digits to something bigger (16+, see perhaps ISO/IEC 7812) would be useful, though there'd have to be a lot of work to update systems, even though they're not short of numbers.)