From: cfrye@ciis.mitre.org (Curtis D. Frye)
To: cypherpunks@toad.com
Message Hash: c2c4f9cf0da7415826e8876c2b9a6d7af384a92558ea1cf5a007bbced64111d7
Message ID: <9401062224.AA25295@ciis.mitre.org>
Reply To: N/A
UTC Datetime: 1994-01-06 22:20:12 UTC
Raw Date: Thu, 6 Jan 94 14:20:12 PST
From: cfrye@ciis.mitre.org (Curtis D. Frye)
Date: Thu, 6 Jan 94 14:20:12 PST
To: cypherpunks@toad.com
Subject: U.S. Sprint Using SSN as Passcode?
Message-ID: <9401062224.AA25295@ciis.mitre.org>
MIME-Version: 1.0
Content-Type: text/plain
While listening to NPR this morning, I heard the director of US Sprint
giving a demonstration of his company's new voice-activated long distance
calling system. The user dials 1-800-GIVEUS$ and verbally enters his/her
passcode. Apparently, the system recognizes and checks the code as well as
analyzing the caller's voice pattern, comparing it to a recorded sample to
verify the caller's identity. So, what's the catch?
As hinted in the title, the passcode is the customer's SSN plus one digit
supplied by US Sprint. Now all the bad guys need is a sharp set of ears or
a microphone in the phone booth and they have us by the <insert name of
whatever organs you hold near and dear to your heart>. I hope this idiotic
passcode scheme dies a quick, horrible death. Maybe I misunderstood or the
reporter got it wrong (a permutation on the SSN is little better, though),
but I don't think so.
ObRant about the dangers of giving out one's SSN deleted for brevity.
--
Best regards,
Curtis D. Frye - Economic Analyst, Software Alchemist, Aspiring Author
cfrye@ciis.mitre.org
"If you think I speak for MITRE, I'll tell you how much they
pay me and make you feel foolish."
Return to January 1994
Return to “ferguson@icm1.icp.net (Paul Ferguson)”