DawgTalkers.net Forums DawgTalk Tailgate Forum A Government Plan for IDs to Replace Online Passwords

This is about as nuts as the Mich. St. cell phone thread

Wall Street Journal Article

Online passwords are a pain: They can be tough to remember and easy to break. But the Obama administration says it wants to help fix this.


The Department of Commerce introduced a plan Friday for a system of Internet IDs that could replace passwords and simplify secure transactions online. The plan calls for the federal government to encourage the development of these new IDs and make sure they conform to certain standards.

The idea is that the current system of authentication online — passwords, mostly — just doesn’t work very well. Instead, the administration wants people to have digital credentials that could be stored in something like an app or on a USB thumb drive. Plenty of businesses already require employees to use these sorts of tools to log on to secure email accounts, for example. The administration wants these to be standardized so ordinary people can use them across the Web.

Using such a system “we will prevent costly crime, we will give businesses and consumers new confidence, and we will foster growth and untold innovation,” President Obama said in a statement.

The idea of an Internet log-on that could serve as a national ID and involves the government clearly freaks people out. So the administration is taking pains to emphasize that it simply wants bring businesses together to create this system. The IDs, it says, will be provided by private industry, and the Commerce Department gave examples of companies like PayPal and Microsoft that support the efforts.

The administration launched today’s plan — called the National Strategy on Trusted Identities in Cyberspace — at the U.S. Chamber of Commerce, and it changed the wording of its plan to make it clearer that it wants the private sector to handle these IDs.

A federal agency called the National Institute of Standards and Technology would help come up with standards for companies that want to make and sell these IDs. (That agency already does a bunch of geeky things, like housing the atomic clock that provides the nation’s standard time.) The agency could provide a “seal of approval” for IDs that met certain standards, including privacy protections.

A number of consumer and privacy groups said they support the government’s efforts to encourage a national Internet log-on.

“Every new online service wants you to create yet another account. Most of us have no clue how our information is being used or with whom it’s going to be shared,” the Center for Democracy and Technology said in a statement. “We deserve better control over our identity and more confidence in our transactions online.”

But some still have concerns.

“The sort of identity ecosystem envisioned … would quickly and inevitably become mandatory for a vast range of Web sites and services,” said Lauren Weinstein, the co-founder of People for Internet Responsibility. He also raised questions about parts of the government that might have access to such an ID.

The Commerce Department plans to hold meetings with businesses and advocates in the coming months about the plan and to begin pilot programs next year.

So the people who brought you Wikileaks is telling us that they will encourage companies to establish a digital national ID, a single code, making transactions easier and safer. I am not a tech guru but how is this possible/safer?

It would be like using the same password for everything you do and if that "password" was compromised that's it game over. No?

Any of you guys think this is a good idea or is it a bad idea?

I don't want the government's hands anywhere near my dongle.

Oh it's a great idea ... now instead of having to use sophisticated computer programs or go inside my brain to know my passwords ... computer hackers will never have access to it. It will be as safe as a credit card or USB drive now.. and those never get lost or stolen ....


Probably one of the stupidest ideas I have heard concerning security. That's like saying "instead of using a retina scan, we are going to give you a key!" ... and taking a step backwards in terms of security ... plus ... I'm sure the government will also (eventually) have access to said password as well ...

The state cyber security is a scary thing these days. Yesterday I had to contact a tier 4 resource in IT security to get a problem fixed. When I called, the person said hold on. When he came back on the phone he said "I'm sorry, I had just changed by password and had to write down."

You're right ... it is scary, but at the same time it's really not that hard to create a password and a variation system that you will remember.

I have 1 root word that literally no-one would ever think of. That's the purpose. I thought of something so unlike me or my interests that I would never be associated with it. Then I have a variation of a few numbers that I add on to the end of it.

Since I was (approximately) 13 ... so more than a decade now. .. I have never once had a password stolen or compromised. Since I have had any credit card (I have 2 currently), I have had the card itself or the transaction numbers stolen 3 times in less than 5 years... maybe it's just that a credit card is more of a target than regular passwords are ... but what you are saying is that anyone who is known to misplace their wallet or misplace their keys are now capable of misplacing their entire internet identity and log in information from everything including this website to their bank account to their retirement funds to their (you get the idea).

If it was something like an RSA Secure ID I'd be OK with it - this is a one-time use password system. Lots of companies use these already for their employees.
http://www.rsa.com/go/gpage.aspx?id=39&gclid=CIumnbKhrqgCFQzNKgod5B4liA

Now, there is no reason for the government to institute this. If the ID they give is a unique one for each person then that scares the crap out of me. Everyone in the US would be one hacker away from getting everything taken. You should NEVER use the same password for every website. Change them up - come up with a clever way to know what password to use on each site; that's what I do.

The only true secure way to do this is a one time password IMO. But that would have it's own issues to overcome as well.

Pure Idiocy.

To me, this is a completely transparent "justification" for implementing a National ID card as well as a massive grab at privacy infringement. Anyone proposing this should *seriously* be flogged.

Agree ... it really just makes things that much easier for those who want to manipulate it or use it for harmful data / purposes to access it.

Precisely.

Even the opening line of the article is simple pandering "Online passwords are a pain: They can be tough to remember and easy to break. But the Obama administration says it wants to help fix this.".

It's trying to bait people into accepting Gov't control in private matters.

Online tracking. Great.

Why does the government care if we go to our banking site, DawgTalkers, ESPN, etc.?

Yeah ... I'll go 100% back to the real world, with checks, and envelopes,and stamps, before I let the government handle my online security.

I know Blizzard, the makers of World of Warcraft, have an "authenticator" that is just like the RSA device you linked. I think something like that would be very useful when doing secure logins online.

I'm pretty sure that then the entire U.S. would be subject to the same hacks/scams that the WoW user base it subjected to

The Russians & Koreans would have a field day with us.

Quote:

---

The idea of an Internet log-on that could serve as a national ID and involves the government clearly freaks people out.

---

I dont mind this. I see the merits to it. Assuming it could be made safe and secure I think a national online ID is a great idea. Whose time will come eventually.
The next logical step is online voting. It would be extremely interesting to see the direction politics would take if 80 % of the people now had at home/public library access to voting.

We better hope this doesn't happen.....1984 anybody??

First do this....then have the ID's attached to debut cards....then require all bills be paid online and eliminate cash.....I pay cash or write checks for most things...I don't have a debut card. I do use a AMX card and have a Visa I rarely use unless I don't have the cash at the moment and they won't take AMX.


Mark of the Beast stuff if you ask me.

It's coming whether we all like it or not. It's just a matter of when.