> Imagine if they demanded your SSN to sign up? A phone number is no different or less sensitive a unique identifier, perhaps even moreso these days.
I have extremely bad news for you. US Social Security Numbers are not in fact unique, and the fact they're "sensitive" is a terrible joke because it's pretty easy to discover the SSN for an individual based on public information, especially older people because SSNs weren't even randomised at issuance until relatively recently.
Any system that depends on keeping public facts secret is horribly broken, yes that also includes "verifying" credit cards based on a bunch of digits that are written right on the card itself.
I work on such a system. I have the same sentiment as you, but the reality is that every entity along the way, including federal, state, county, city, and sub-city level governments all treat SSN as a unique identifier and accept no substitutes. The one and only way to get away from this is to pass massive legislature and have the federal government provide better IDs to the public, something most people don’t actually want. It will never happen unless a massive amount of people get defrauded overnight. Like 10-40% of the country, and literally in a short enough period of time to create a news shitstorm. This cannot be changed by your software system being different, and if it is, it will already start at a disadvantage for not being compatible with everything around it.
I'm aware, I'm a hacker (in the evening news definition of the term as well as the TMRC one). I was referring to the fact that most USians would not sign up for a whatever b2c service that demanded their SSN, but wouldn't hesitate to provide their phone number.
I have extremely bad news for you. US Social Security Numbers are not in fact unique, and the fact they're "sensitive" is a terrible joke because it's pretty easy to discover the SSN for an individual based on public information, especially older people because SSNs weren't even randomised at issuance until relatively recently.
Any system that depends on keeping public facts secret is horribly broken, yes that also includes "verifying" credit cards based on a bunch of digits that are written right on the card itself.