When chartering the NSTIC program, U.S. President Obama described their objective.
The goal of the NSTIC strategy, [Obama] said, is to find something a lot better than "insecure passwords" in order to make "online transactions more trustworthy."
To achieve this, the program is working with companies to identify internet-scale solutions that could rely on password alternatives like trusted identity providers and biometric solutions. While solutions like single use passwords, or single sign on through providers like Verizon or Google can reduce risk or provider greater identity guarantees, some feel that biometric security is one of the best ways to provide a core identity. Paul Simmonds of the Jericho Forum, which operates under the Open Group, champions this viewpoint.
"The core identity is you," Simmonds says. "Your human core identifier is your face. The key trick is the only one who can use it is you."
Simmonds believes that once a strong identifier such as a face biometric is established, "It allows you to create a persona and link to it. The important thing is you can't go back up the tree to the root."
He says the kind of identity ecosystem that would be preferred is one that doesn't depend on giant databases of information but relies simply on trusted and secure registration of a core identity, and perhaps use of technologies like chip-based cards. "They don't need to know who I am or anything about it. I can prove immutably I'm me."
Numerous parties are looking at how to avoid re-usable passwords when authenticating users to services. Both Google and Apple are invested in Near Field Communication (NFC) which enables secure communication between devices over very short distances.
Join us on our
Share this page with your friends
on your favorite social network: