Posted by: David Scott
cyber security, federal government breach, government breach, identity ecosystem, identity theft, internet ID, National Strategy for Trusted Identities in Cyberspace, online security
No partisan ruminations here: We IT and Business folk are nothing if not practical. We strive to be efficient, safe, and true to the mission. That’s our agenda. That said, I remember a common joke I heard primarily in my youth:
The nine most terrifying words in the English language are, “I’m from the government and I’m here to help.”
And now, Government wants to “help” us in the collective digital domain:
The Commerce Dept. unveiled a plan Friday to create a national cyber-identity system that would give consumers who opt in a single secure password and identity for all their digital transactions. [Source: FoxNews.com]
A single ID and password for everything I do digitally? Most emphatically: No thank you.
Although, I will say, here is where government does actually achieve some efficiency: If your Federally sponsored online ID and password are breached, ALL of your online endeavors can immediately be compromised.
But wait! You can have multiple authentication credentials, from multiple “credential providers,” with associated fobs, or smartcards, or smartphone software, or “tokens”… my head’s spinnin’. This article mentions “…though having two [or more – DS] would reduce the simplicity factor, of course.”
The drive is toward a single set of credentials per person.
Right now, I have a diverse set of authentication credentials that I manage on my own, quite nicely – for banks, stores, this blog, etc. – and I like the fact that, so far as I know, the government is not involved. If I forget a password, or even my ID, I can provide answers to simple questions in resuming authorization and access. Further, most if not all of my sites require further, simple, authentication measures beyond ID and password: Such as answers to questions regarding Favorite Hobby, Name of Favorite Uncle, What Year Did You Graduate High School?, etc. – as well as CAPTCHA and other security mechanisms.
This alone is off-putting enough: The National Strategy for Trusted Identities in Cyberspace.
Recognize that the Feds can’t even secure the data they presently have. Just refer to – Report: Military and government data breached 104 times in 2010. Also, Google “Federal Data Breaches.”
On this day: In 1955, the first “Walk”/”Don’t Walk” lighted street signals were installed.