As hackers get more and more advanced, and passwords are easier to crack (especially with how simple the most commonly used passwords still are) because of it, something needs to be done to make sure people stay secure and identifies don’t get stolen.
Google has recently adopted a two-stage login, which you can use if you want and have a cell phone, which does just that. This is the kind of security feature a lot of government buildings use. Basically, so long as you have your cell phone, nobody else can log in as you.
The US government is coming up with another way to do it. Under the National Strategy for Trusted Identities in Cyberspace (NSTIC), which works under the Chamber of Commerce, there might soon be another way. Basically, you verify some credential (probably something like a public key, which Linux users might be familiar with) with someone in person, and then can use that to log in as the ‘real you’ anywhere on the internet–assuming that place on the internet supports the proposed system.
Read the final draft of the NSTIC document (pdf).
A system like this has both a good and bad side:
The good side is that it’s run by the Chamber of Commerce, which is a government branch pretty much dedicated to private-sector business. That means the official purpose of NSTIC is to give you security when you buy things online, and ensure that nobody else can buy stuff under your name. It could also make logins more convenient and, because your information would be stored in that credential (you would get to decide just how much of your information is in it) it could make signing up for a new account much faster. Also remember that this system would be entirely voluntary.
But, because it’s a government system, that means the government is technically in control of your internet access. And if we wound up in a world where this ‘real’ identification system were required everywhere (even if it’s not required to sign up, it everyone uses it you pretty much have to), they could pretty much track everything you do, and shut you down instantly for whatever reason. That’s the bad side, though it’s not exactly likely to happen.
There’s also a video out about it, too. Check it out.
Read what I read:
- Article from ARS Technica
- WhiteHouse.gov blog entry — written by Howard Schmidt; interesting and fairly short.
- current, final draft of the NSTIC document (pdf) — linked to above as well.