Ditch Your Passwords: US Government to Issue Secure Online IDs

I'm not particularly comfortable with the idea, based on the information provided. What do you guys think? Should we be concerned?

Source:
httx://smallbusiness.yahoo.com/advisor/ditch-passwords-us-government-issue-secure-online-ids-201515225.html

 

Now they want control of your passwords as well, even though the contents are already available.

 

This sums up my opinion pretty well

 

Saw the title of the Thread. Automatically thought, "Mark of the Beast".

But who knows what this really is. So is this with the US Postal Service?

 

So only THEY can get into your system?

 

Why would you be concerned if you can login easily and secure to all government services that you already use and already have a relation with?
IRS/taxes, national health care, education, all tied to your social security/identity number.
In the Netherlands we've had the national identity management platform DigiD since 2010; no need to enter basic credentials over and over.
I'd rather deal with government services using one reasonably robust nationwide system (currently using online-2step verification; password+sms code) than a system of incompatible sub-systems where every single government ministery/department invents the wheel for itself.
It's not like you'll be mandated to use this for torrents or Tor, right?

edit; There is a difference in NL, that DigiD is only used for government services. It's a tool/platform strictly for civilians/citizens, not for consumers.

 

The article confirms a contract with the US Postal Service, but it seems this type of system could be adopted by other agencies/institutions such as: banks, schools, hospitals, etc. Correct me if I'm wrong, but this seems like a major blow to layered access. The whole reason we differentiate credentials and other identifiable information is to prevent complete unrestricted access. Even if they guess your password, it's not going to unlock every account that you have. So far it's my understanding that they will be using a third party service to authenticate the keys they provide us. We do this with digitally signed certificates. How well would you say that's worked out for us? Also they mention the use of keys, which would be provided. Without details, its hard to speculate, but I can think of some examples that would be a deal breaker. Digital keys like those produced by RSA and even for gaming companies like Blizzard have been compromised in the past. Almost every card technology (RFID, magnetic strip, etc.) has been compromised in some manner. The only redeeming benefit that I can see is that I won't be handing over my year of birth, last 4 of SSN, etc. to companies directly.
actually be. If anyone has more detail on the proposed system, I'd be interested to learn more about the ins and outs. I think we all have a right to be skeptical given the track record of corporations and governments when it comes to data protection.

 

This may be only step one.

 

This is not good. There is a reason this and the cloud etc are being pushed and it's not what they say it is.

 

not at all good... this is the beginning of a govmt taker over of our total lives they had us before now they want to control us online as well... literally

 

I find the linked article very confusing, because I think it is only being suggested for use for Federal Agencies. The article largely starts with:

It's only later down, where they start talking about SecureKey itself (which apparently is a Canadian company and product) that they start referring to consumer services and local banks and hospitals. As I read it, the US Federal government isn't trying to issue a single sign-on for consumer services, or state & local government services... rather they are simply licensing for Federal use, something that some Canadian company would like to see more broadly used. I think that is a fairly big difference.

Personally, I think someone does need to do something about consumer digital credentials and authentication, though. The current path isn't really sustainable or even all that secure. Probably eight out of every ten passwords are either short, easily guess-able, in a dictionary list, or fit a common pattern (i.e., dictionary word with "l33t" letter substitutions or numbers or symbols on the end). Heck I even recently read -- my apologies if it was here on Wilders -- that someone used the Call of Cthulhu phrase "ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" as the password and it was easily hacked because the hacker was also a fan of Lovecraft and had it in his cracking dictionary. (Can you imagine trying to type that password in every time, though?)

Even worse, the vast majority of people either use the same password for nearly all of their applications requiring a password... or one of maybe three or four passwords that they regularly use (e.g., personal "weak", "medium", and "strong" passwords that they just create variations on). So, really, most people have a false illusion of security in the modern digital world, where one is really only as safe as their weakest password and/or the weakest vendor at which he or she uses a shared password. Yes, the more savvy users can use a password manager like those built-in to one of the browsers (generally not that great an option really), or a dedicated manager like LastPass, KeePass, 1Password, mSecure, etc (but then how much do you trust the encryption and syncing across each of these managers when they offer sync'ing, and if they don't how do you keep all of those pseudo-randomly generated passwords available to you at all times).

It actually would be nice if there was some sort of agency that could reliably authenticate you across all consumer providers. I would much prefer that such a universal authentication entity or agency have the imprimatur of the Federal government, than simply be linking and leveraging my Facebook or Google+ credentials as some consumer providers have started to attempt. I know many of you may disagree, but I still trust the US Federal Government, more than I trust Facebook, Google, Amazon, or Twitter. Besides, if the NSA is going to be able to crack my accounts and snoop on my stuff anyway, I might as well let them be the keeper of the keys rather than someone else.

 

I didn't bother to read the article. If it's passwords and the government, I already know it's a bad idea!

 

Here in Canada we're on the way to (hopefully) enabling a single log-in for accessing all federal-government online services and move from one to another without having to log out of the first and into the second. So far Service Canada has the most comprehensive groupings, including benefits, citizenship/immigration matters, particularly passports, and parts of the tax system (e.g., you can view any government-issued T4 or T4A, change your address or other contact info, and set up or revise direct-deposit info for all payments from the government (federal or provincial). Most other tax-related matters, however, require a separate log-in with Revenue Canada.

Speaking of Rev Cda, they're taking strong measures to "encourage" individuals to deal with them strictly online. As of 2013 (for the 2012 tax year), they're no longer mailing out tax forms or accepting phone filings -- you can phone them and ask for a package to be mailed to you, but they make it clear they prefer you'd file online. There's typically a number of online services and apps available, but they each have to be re-certified by the government every year, and they're slow as molasses with that process so it's typically mid-Feb or even March before one you can use gets approved, no fun if you're expecting a refund.

There are some useful inter-government services available too. Ontario's Trillium Drug Plan, which covers most of your prescription expenses on a geared-to-income basis, can (with your written consent) get your income info direct from Rev Cda, which saves having to re-apply every year with a ton of paperwork.

 

identity theft.

 

All your base are belong to U.S.

 

Ha ha ha! I can't stop laughing after reading the article. What next - taking a drug test to log in?
Thanks for the share.

 

@Rilla927 Your spot on, this has been in the works for a very long time.. If this is what i think it is we are all
in for a rocky boat ride..