So, there is a mounting problem with IT and our increasingly online lives. We all know it too. All too often we hear of identity theft and online fraud.

In my limited view of family, friends and even IT work colleagues who use IT daily, the common theme is passwords. Most people either don’t have the presence of mind to set a complicated password or they don’t have the time to bother. This is of course very bad news since complacency may lead to their online lives being violated in one way or another.

Even my tech-savvy daughters who have Facebook accounts have been hacked simply because their passwords are too weak. This means the problem is not isolated to the generation who did not grow up with computers, but affects all generations.

It matters not that your data is encrypted in the cloud or even en route. Guessing a weak password is easy; once it’s known, all your data on that service is available, and there’s a good chance that same password will be used elsewhere.

There are tools available to generate strong passwords and securely store them for multiple accounts, websites, services and the like, but they usually have a single point of failure. This is the master password, and again, if this is weak, access to the entire password store is achievable.

Most people again are too apathetic with regard to their online security to consider the use of these tools.

I believe we will come to a head in this matter and we will need a universal biometric authentication method that can be built into all devices capable of access to secure services.

If done right this will become the universal way of identifying an individual and his or her rights to access services. In order for it to be employed by all vendors, it will need to be open source.

“Oh, but what if it goes wrong and I don’t get access to stuff that I should have access to?” I hear you say. This comes down to proper, considered design and implementation that reduces these kinds of mistakes to a minimum. Unfortunately, in any human endeavour there will be an element of human error. It needs to be catered for and accepted.

It seems the general public is opposed to identity card schemes and the thought of being catalogued digitally. But these same people are using more and more password-based authentication methods, and when they perceive the threat to their personal banking, for example, they will want an easier method that is in turn harder to fake. The majority of opponents of identity schemes will then relent in the face of the personal risk and the correctly implemented biometric method.

The person or company who finds the correct solution will be the progenitor of the next big IT evolution, which will in turn have effects on national and international security alike.

Update : 12th May 2013 : looks like this idea is beginning to get more thought. See this.

Update : 14th April 2015 : it’s been a long time since I’ve seen anything more on this topic, but here is an article from someone who maybe feels the same way…
link