Social Security Numbers are thought by many to be secure IDs. We’re often asked to provide them, even sometimes for fairly routine purchases or services such as contracting for cell phone service.

Researchers from Carnegie Mellon University in Pittsburgh, though, have shown it’s easy to guess many people’s SSN — simply by knowing a person’s place and date of birth.

That’s because SSN numbers are not random. The first three digits relate to the ZIP code of the area where you’re born. The middle two numbers are “group numbers” that can remain constant over a number of years for a given region. The last four digits are assigned sequentially.

The researchers told The Washington Post that they could identify “all nine digits for 8.5 percent of people born after 1988 in fewer than 1,000 attempts.” Cracking the codes of people born in small states is much easier.

The Post article points out that records of a person’s place and date of birth are easily obtainable.

“We can’t pretend anymore that SSNs can be kept secret,” Peter Swire, a law professor at Ohio State University who worked on privacy issues during the Clinton administration, told the Post.

“…I think many people would find it unacceptable that a system continues in use which in effect exposes tens of millions of Americans to fraud and other kinds of harm,” said Ross Anderson, a professor of security engineering at Cambridge University.

A spokesperson for the Social Security administration, Mark Lassiter, said. “For reasons unrelated to this report, the agency has been developing a system to randomly assign SSNs,” which should make it more difficult to discover numbers in the future.

Read the full Washington Post article on the Carnegie Mellon research.

Tags: national id card, privacy