Your Social Security number may not be secure. But how could we replace it?

They’re supposed to be the nine most closely guarded numbers in your life. But with an ever-growing number of companies asking for Social Security numbers – and then hit by cyber breaches exposing them – experts say the Social Security number is clearly a flawed way to accurately identify someone.

In fact, some argue that the IDs should be all but retired. “Congress should prohibit the use of Social Security numbers as a personal identifier outside of the Social Security system itself,” Daniel Castro, vice president of the Information Technology and Innovation Foundation, wrote recently at Real Clear Policy.

Yet coming up with a good alternative is not an easy task. People have been thinking about it for years. In 2011, the Obama administration set up a center to look into the concept of a digital identity. After the Equifax breach, privacy and security experts have called for more funding for that program, the National Strategy for Trusted Identities in Cyberspace, to replace the Social Security number as an identification number in the pubic and private sector. Part of that group has come up with a set of best practices for security, but even with improving identification and security technologies, no silver bullet has emerged for replacing this broken system.

One issue with Social Security numbers is that they’re widely distributed and, therefore, not at all private. You can hardly rent an apartment or apply for a job today without coughing up your SSN. Thanks to breaches, your number could be found nearly anywhere.

Second, they aren’t particularly secret. The first three digits are known to be a geographical code based on where you lived when you first registered for your number. (You can find those codes on Wikipedia, for crying out loud.) Another component for making a number? Your birth date, which is basically public information in an age of the Internet.

So even if someone gets just part of your number, it can be easy to figure out the rest. Researchers in 2009 wrote an algorithm that could predict a Social Security number correctly 44 percent of the time in the United States overall and as much as 90 percent of the time in smaller, individual states. And that was without having the last four digits – the numbers we most commonly give to companies and that therefore are at highest risk in a breach.

Which brings us to another big issue with the SSN: It’s not easy to get a new one. The Social Security Administration lists fraud among the allowed reasons for obtaining a new number, but you have to submit proof of continuing harassment and other documents that prove who you are. When companies such as Equifax aren’t proactive or clear about telling users whether their information has been exposed, that leaves the average person in a lurch.

One possible alternative is biometrics. The strength of biometrics is that your face and fingerprints are uniquely yours on a detailed level. (Even identical siblings have different freckles, scars, etc.)

But that’s also a weakness. Fingerprints are public, as Sen. Al Franken, D-Minn., noted in a 2013 letter to Apple detailing concerns about its Touch ID scanners. We leave traces of our prints on everything we touch. Our faces are also quite public, especially in the age of social media – a point Franken brought up again last week after Apple introduced Face ID.

Another alternative is a technology known as blockchain, which creates a public ledger of transactions. Estonia uses a form of blockchain technology – which powers cryptocurrencies such as bitcoin – as the backbone for a digital ID system its citizens use for medical services, travel checkpoints and even for voting.