Today I logged on to a government web site to fill out some forms. I was expecting this and was happy to see a post card with my customer id and a reminder to go to the web site. I was horrified when I was asked for the customer id or my social security number and my birth date to authenticate me. My social security number is not something that I give out but I am relatively free with my birth date as it seems to be pretty harmless to give out. Of course anyone could read the postcard and have that information. The page that displayed after I authenticated had my social security number, birth date, address, phone numbers including cell phone, and height, weight, hair and eye color. It seems this would be very useful to someone engaging in identity fraud.

I guess I will have to figure out who is the correct person to report the problem to and hope they fix it before I have to fill out the forms next year.

Read the complete post at http://www.grokdev.com/Blogs/scott/2008/03/01/MoreWebInsecurity.aspx