I hate it how anyone uses a SSN as both an identifier and an authentication number. If someone gets your SSN, then you are screwed, and getting a new one is hard because you have to go through and replace your identifier everywhere.
Really SSN should only be used as a unique identifier, especially since they are fairly predicable. If you know when and where someone was issued a SSN then you can narrow the possibilities down to just a few.
Ideally everyone would have a credit card sized device that generates authentication numbers, as well as a passcode of some sort (not a password, but a rather large number). The credit card device is actually generating public keys, which is used to encrypt the passcode.
Someone intercepts your traffic? they don't know your public key, nor your passcode
Someone steals your device? they don't know the passcode
Someone somehow gets your passcode? they don't have the device.
Thus the attacker would have to be physically present to get the device, as well as cunning to get the passcode.
The authoritative body has its own private key which is used to ensure that the response can only be from the government.
The hard part is of course getting people to remember (and not write down) their passcode, and being able to physically identify someone in order to issue them a new device/passcode.
Although not necessary you could also have the person trying to do the authentication sign another piece of data with their company's private key. You could mandate that only registered banks and government could even try to authenticate people.