Sick of remembering your online passwords? Let the White House manage it for you

Feuer Frei! · 04-16-11, 02:24 AM

THE US Commerce Department has unveiled a plan for a national cyber-identity system that gives consumers a single secure password and identity for all their digital transactions. FOX News reports the National Strategy for Trusted Identities in Cyberspace (NSTIC) will be a voluntary system designed to protect consumers from online fraud and identity theft - which hit 8.1 million people in the US last year, at a total cost of $27 billion.
The problem? The current system of half-remembered passwords jotted down on Post-it notes and based on pets and maiden names simply isn't good enough.
"Passwords just won't cut it here," said Commerce Secretary Gary Locke, who announced the initiative at the US Chamber of Commerce.
"We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," he said.
The "identity ecosystem" will create secure online IDs for Americans who elect to join the program.
Instead of having to remember all those disparate passwords, a consumer would use a "single credential" to log in, with far more security than a password alone would provide, the agency said.
That log in could be anything: a smart card, a cell phone, a keychain fob, or some other type of gizmo.
And if a user so chooses, they can elect to have several log-ins from different credential providers.
Want a key fob from Google and cell phone software from Verisign? Go for it, both will work - though having two would reduce the simplicity factor, of course.

SOURCE

TorpX · 04-16-11, 02:40 AM

Yeah, like I would trust the White House to do that.

Skybird · 04-16-11, 05:53 AM

Yeah, it must be very convenient for the state to track and link a single person's activities more easier that way. That Big Brother likes it that way, I can easily imagine!

STEED · 04-16-11, 07:07 AM

You are a number you will obey, you are at risk from cybermen...Oops I mean cyber criminals, they want all your info. We will protect you in the name of security, you will be safe with us.

Platapus · 04-16-11, 07:07 AM

I just read the 40 page NSTIC draft conops.

1. This would be very hard to implement and would require the cooperation of entities not known for their cooperation.
2. There are no incentives for businesses and individuals to use this service
3. It seems, to me, to increase the risk of ID theft than to decrease it.

When I read stuff like this, I am reminded of my favourite quote from LBJ

One does not evaluate a policy based on the good it can do if properly administrated. One evaluates a policy on the potential harm it can do if improperly administered.

The "risks" of this solution is not proportionate to the "risks" of the problem

Fish In The Water · 04-16-11, 11:40 AM

Quote:

Originally Posted by Skybird

Yeah, it must be very convenient for the state to track and link a single person's activities more easier that way.

That would never happen, I'm fairly sure it's all about safety...

They just want to protect us from ourselves!

Catfish · 04-16-11, 03:17 PM

Ok, passwords are one thing. Your IP adress is another.

And if "they" want, they do know your IP-adress (your provider will give it to them), and with that they know everything you do, on the internet - and not only that. Forums, passwords, money transactions, social contacts, friendships, dislikes, Facebook etc. - all those info scraping already provides "them" with a good profile of you.
This password thingie is imho just a distraction.

Greetings,
Catfish

MH · 04-16-11, 03:27 PM

Quote:

Originally Posted by Catfish

Ok, passwords are one thing. Your IP adress is another.

And if "they" want, they do know your IP-adress (your provider will give it to them), and with that they know everything you do, on the internet - and not only that. Forums, passwords, money transactions, social contacts, friendships, dislikes, Facebook etc. - all those info scraping already provides "them" with a good profile of you.
This password thingie is imho just a distraction.

Greetings,
Catfish

I agree with that.
There is no privacy on Internet.
You want privacy-don't use internet.

the_tyrant · 04-16-11, 07:26 AM

you know, this idea really isn't bad
the process itself has already been done for many years:http://en.wikipedia.org/wiki/Key_escrow

I'll let them manage my subsim account, my facebook account etc

and for that aes encrypted container on my hard drive, I will just simply not give them the key

Jimbuna · 04-16-11, 07:28 AM

Quote:

Originally Posted by the_tyrant

you know, this idea really isn't bad
the process itself has already been done for many years:http://en.wikipedia.org/wiki/Key_escrow

I'll let them manage my subsim account, my facebook account etc

and for that aes encrypted container on my hard drive, I will just simply not give them the key

LOL...precisely.

04-16-11, 02:24 AM	#1
Feuer Frei! Navy Seal Join Date: Sep 2009 Location: Valhalla Posts: 5,295 Downloads: 141 Uploads: 17	Sick of remembering your online passwords? Let the White House manage it for you THE US Commerce Department has unveiled a plan for a national cyber-identity system that gives consumers a single secure password and identity for all their digital transactions. FOX News reports the National Strategy for Trusted Identities in Cyberspace (NSTIC) will be a voluntary system designed to protect consumers from online fraud and identity theft - which hit 8.1 million people in the US last year, at a total cost of $27 billion. The problem? The current system of half-remembered passwords jotted down on Post-it notes and based on pets and maiden names simply isn't good enough. "Passwords just won't cut it here," said Commerce Secretary Gary Locke, who announced the initiative at the US Chamber of Commerce. "We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords," he said. The "identity ecosystem" will create secure online IDs for Americans who elect to join the program. Instead of having to remember all those disparate passwords, a consumer would use a "single credential" to log in, with far more security than a password alone would provide, the agency said. That log in could be anything: a smart card, a cell phone, a keychain fob, or some other type of gizmo. And if a user so chooses, they can elect to have several log-ins from different credential providers. Want a key fob from Google and cell phone software from Verisign? Go for it, both will work - though having two would reduce the simplicity factor, of course. SOURCE __________________ "History is the lies that the victors agree on"- Napoleon LINK TO MY SH 3 MODS

04-16-11, 05:53 AM	#3
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,602 Downloads: 10 Uploads: 0	Yeah, it must be very convenient for the state to track and link a single person's activities more easier that way. That Big Brother likes it that way, I can easily imagine! __________________ If you feel nuts, consult an expert.

04-16-11, 07:07 AM	#4
STEED Lucky Jack Join Date: Jan 2006 Location: Down Town UK Posts: 27,695 Downloads: 89 Uploads: 48	You are a number you will obey, you are at risk from cybermen...Oops I mean cyber criminals, they want all your info. We will protect you in the name of security, you will be safe with us. __________________ Dr Who rest in peace 1963-2017. To borrow Davros saying...I NAME YOU CHIBNALL THE DESTROYER OF DR WHO YOU KILLED IT!

04-16-11, 07:07 AM	#5
Platapus Fleet Admiral Join Date: Oct 2006 Posts: 19,360 Downloads: 63 Uploads: 0	I just read the 40 page NSTIC draft conops. 1. This would be very hard to implement and would require the cooperation of entities not known for their cooperation. 2. There are no incentives for businesses and individuals to use this service 3. It seems, to me, to increase the risk of ID theft than to decrease it. When I read stuff like this, I am reminded of my favourite quote from LBJ One does not evaluate a policy based on the good it can do if properly administrated. One evaluates a policy on the potential harm it can do if improperly administered. The "risks" of this solution is not proportionate to the "risks" of the problem __________________ abusus non tollit usum - A right should NOT be withheld from people on the basis that some tend to abuse that right.

04-16-11, 02:40 AM	#2
TorpX Silent Hunter Join Date: Sep 2010 Posts: 3,975 Downloads: 153 Uploads: 11	Yeah, like I would trust the White House to do that.

04-16-11, 03:17 PM	#7
Catfish Dipped Squirrel Operative Join Date: Sep 2001 Location: ..where the ocean meets the sky Posts: 17,765 Downloads: 38 Uploads: 0	Ok, passwords are one thing. Your IP adress is another. And if "they" want, they do know your IP-adress (your provider will give it to them), and with that they know everything you do, on the internet - and not only that. Forums, passwords, money transactions, social contacts, friendships, dislikes, Facebook etc. - all those info scraping already provides "them" with a good profile of you. This password thingie is imho just a distraction. Greetings, Catfish

04-16-11, 07:26 AM	#9
the_tyrant Admiral Join Date: Jun 2010 Location: Canada Posts: 2,272 Downloads: 58 Uploads: 0	you know, this idea really isn't bad the process itself has already been done for many years:http://en.wikipedia.org/wiki/Key_escrow I'll let them manage my subsim account, my facebook account etc and for that aes encrypted container on my hard drive, I will just simply not give them the key