Obama presses for global, more secure authentication standard
The Obama administration on Friday asked the private sector to work on developing a standard for authentication, saying passwords are not secure enough and were not helping in preventing identity theft. The system could viably be used to not only verify identities online, but off as well it says.
Officials say the benefits of the President's so-called National Strategy for Trusted Identities in Cyberspace are two-fold: as well as offering a more secure authentication process, it would also ensure ultra-sensitive information such as financial or health records would only be accessible by that person.
"By making online transactions more trustworthy and better protecting privacy, we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation," Obama said in a statement announcing the plan. "That's why this initiative is so important for our economy."
The goal is simple: instead of disparate passwords and authentication methods, a single credential would provide access to any secure website. While some may criticize this as a way for hackers to essentially gain access to a person's entire digital life, the Obama Administration is proposing giving users choice on how they employ it.
"NSTIC envisions a private sector led effort to create a new infrastructure for the Internet, built on interoperable, privacy-enhancing, and secure identity credentials," White House cybersecurity coordinator Howard Schmidt wrote in a blog post. "This new infrastructure is centered around choice. First, you don't have to use it at all. If you do, you can choose when or how to use it."
Participation would of course be voluntary among companies as well, but the system would only be valuable if a large number of websites participate. But the Administration has a valid interest in appearing in front of the issue: about 130 hours are lost by every person in fighting identity theft, with an average out of pocket expense of $631 -- not including any damage to the person's credit.
Whenever the plan (or portions of it) head for actual votes in Congress, it is sure to see some pushback from Republicans and other conservative lawmakers. The system would likely require some type of compulsion to be successful, and business regulation is frowned upon by the conservative base.
At the same time, identity theft and data loss is a hot topic, considering the recent hack of e-mail marketer Epsilon, which its former CEO told Betanews was akin to a shopping mall losing its master key. That breach may have exposed the personal data of hundreds of thousands if not millions of Internet users.