The White House continues to advocate for a new system of verifying identities online by relying on third-party authentication through what’s been described as an “identity ecosystem.”
According to Michael Daniel, the White House’s cybersecurity coordinator, “the system of passwords as it exists today is hopelessly broken.” He gave as an example the need for Facebook users to change passwords because another company, Adobe, was hacked recently. Users frequently use the same password across multiple websites and platforms including banks.
In a blog post he sounded an optimistic note about efforts driven by the National Institute of Standards and Technology and a non-profit Identity Ecosystem Steering Group to develop a new means of authenticating users.
According to NIST, the National Strategy for Trusted Identities in Cyberspace – NSTIC, initiative(announced toward the end of President Obama’s first term) envisions a marketplace allowing people to choose among multiple identity providers – both private and public – that would issue trusted credentials that prove identity. The idea is to take authentication out of the hands of the user to some extent. For example, once this technology has been deployed in the market, an Internet-service provider might provide a smart card that an individual could plugin to a computer to verify identity. Or, someone might download a digital certificate from a central ID provider, and that certificate would reside on an application on a smart phone to prove identity.
NIST likened the credentialing process to how an ATM card works. You possess the physical card and a pin. In this case a trusted ID would act as the physical card.
However, so far the technology has been difficult to implement and it remains fraught with privacy considerations. The extent to which consumers would embrace it remains unclear as well. But given the very real and increasing threat of identity theft, the NSTIC, in whatever form it arrives, could become central to how we conduct business online.
