A new cybersecurity strategy will do away with traditional passwords and replace them with an “Identity Ecosystem.”
The new project, The National Strategy for Trusted Identities in Cyberspace (NSTIC), was released by the Obama Administration on April 15. It aims to protect users from identity theft, online fraud, and cybercriminals.
The Identity Ecosystem will offer “interoperable, secure, and reliable credentials” to anyone who wants them. These “credentials” can range from smartphone software, a password-generating token, or a smart card, according to a White House fact sheet on the program.
“We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” states the fact sheet. “Working together, innovators, industry, consumer advocates, and the government can develop standards so that the marketplace can provide more secure online credentials, while protecting privacy, for consumers who want them.”
The proposed strategy is not without its concerns, however, as it could make the government a one-stop-shop for online identity. Jim Fenton, a Distinguished Engineer for Cisco, addressed some of the main concerns in Cisco’s official blog.
According to Fenton, “There is concern that this will lead to a Government-run identity system with extensive surveillance power,” yet the system “should” allow users to have more than one identity “just as they might do business with more than one bank or have more than one credit card or brokerage account.”
The system should also remain secure, despite being centrally-located. He states, “It is true that identity providers are going to need very high security. But this is a risk that we can insure against …”
He does add, however, that NSTIC leaves some questions unanswered, including details on the system’s business model and how it fits into the government structure.