Ditch Your Passwords: US Government to Issue Secure Online IDs

Discussion in 'other security issues & news' started by Techwiz, Sep 1, 2013.

Thread Status:
Not open for further replies.
  1. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    I'm not particularly comfortable with the idea, based on the information provided. What do you guys think? Should we be concerned?

    Source:
    httx://smallbusiness.yahoo.com/advisor/ditch-passwords-us-government-issue-secure-online-ids-201515225.html
     
  2. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Now they want control of your passwords as well, even though the contents are already available.
     
  3. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    This sums up my opinion pretty well :)
     
  4. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    3,518
    Location:
    USA - Back in a real State in time for a real Pres
    Saw the title of the Thread. Automatically thought, "Mark of the Beast".

    But who knows what this really is. So is this with the US Postal Service?
     
  5. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    So only THEY can get into your system? :ninja:
     
  6. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    Why would you be concerned if you can log in easily and securely to all government services that you already use and already have a relation with?
    IRS/taxes, national health care, education, all tied to your social security/identity number.
    In the Netherlands we've had the national identity management platform DigiD since 2010; no need to enter basic credentials over and over.
    I'd rather deal with government services using one reasonably robust nationwide system (currently using online-2step verification; password+sms code) than a system of incompatible sub-systems where every single government ministry/department invents the wheel for itself.
    It's not like you'll be mandated to use this for torrents or Tor, right?

    edit; There is a difference in NL, that DigiD is only used for government services. It's a tool/platform strictly for civilians/citizens, not for consumers.
     
    Last edited: Sep 2, 2013
  7. Techwiz

    Techwiz Registered Member

    Joined:
    Jan 5, 2012
    Posts:
    539
    Location:
    United States
    The article confirms a contract with the US Postal Service, but it seems this type of system could be adopted by other agencies/institutions such as: banks, schools, hospitals, etc. Correct me if I'm wrong, but this seems like a major blow to layered access. The whole reason we differentiate credentials and other identifiable information is to prevent complete unrestricted access. Even if they guess your password, it's not going to unlock every account that you have. So far it's my understanding that they will be using a third party service to authenticate the keys they provide us. We do this with digitally signed certificates. How well would you say that's worked out for us? Also they mention the use of keys, which would be provided. Without details, it's hard to speculate, but I can think of some examples that would be a deal breaker. Digital keys like those produced by RSA and even for gaming companies like Blizzard have been compromised in the past. Almost every card technology (RFID, magnetic strip, etc.) has been compromised in some manner. The only redeeming benefit that I can see is that I won't be handing over my year of birth, last 4 of SSN, etc. to companies directly.
    actually be. If anyone has more detail on the proposed system, I'd be interested to learn more about the ins and outs. I think we all have a right to be skeptical given the track record of corporations and governments when it comes to data protection.
     
  8. Carver

    Carver Registered Member

    Joined:
    Feb 5, 2006
    Posts:
    1,827
    Location:
    USA
    This may be only step one.
     
  9. Rilla927

    Rilla927 Registered Member

    Joined:
    May 12, 2005
    Posts:
    1,710
    This is not good. There is a reason this and the cloud etc are being pushed and it's not what they say it is.
     
  10. zfactor

    zfactor Registered Member

    Joined:
    Mar 10, 2005
    Posts:
    6,012
    Location:
    on my zx10-r
    not at all good... this is the beginning of a govmt takeover of our total lives they had us before now they want to control us online as well... literally
     
  11. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I find the linked article very confusing, because I think it is only being suggested for use for Federal Agencies. The article largely starts with:
    It's only later down, where they start talking about SecureKey itself (which apparently is a Canadian company and product) that they start referring to consumer services and local banks and hospitals. As I read it, the US Federal government isn't trying to issue a single sign-on for consumer services, or state & local government services... rather they are simply licensing for Federal use, something that some Canadian company would like to see more broadly used. I think that is a fairly big difference.

    Personally, I think someone does need to do something about consumer digital credentials and authentication, though. The current path isn't really sustainable or even all that secure. Probably eight out of every ten passwords are either short, easily guess-able, in a dictionary list, or fit a common pattern (i.e., dictionary word with "l33t" letter substitutions or numbers or symbols on the end). Heck I even recently read -- my apologies if it was here on Wilders -- that someone used the Call of Cthulhu phrase "ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" as the password and it was easily hacked because the hacker was also a fan of Lovecraft and had it in his cracking dictionary. (Can you imagine trying to type that password in every time, though?)

    Even worse, the vast majority of people either use the same password for nearly all of their applications requiring a password... or one of maybe three or four passwords that they regularly use (e.g., personal "weak", "medium", and "strong" passwords that they just create variations on). So, really, most people have a false illusion of security in the modern digital world, where one is really only as safe as their weakest password and/or the weakest vendor at which he or she uses a shared password. Yes, the more savvy users can use a password manager like those built into one of the browsers (generally not that great an option really), or a dedicated manager like LastPass, KeePass, 1Password, mSecure, etc (but then how much do you trust the encryption and syncing across each of these managers when they offer sync'ing, and if they don't how do you keep all of those pseudo-randomly generated passwords available to you at all times).

    It actually would be nice if there was some sort of agency that could reliably authenticate you across all consumer providers. I would much prefer that such a universal authentication entity or agency have the imprimatur of the Federal government, than simply be linking and leveraging my Facebook or Google+ credentials as some consumer providers have started to attempt. I know many of you may disagree, but I still trust the US Federal Government, more than I trust Facebook, Google, Amazon, or Twitter. Besides, if the NSA is going to be able to crack my accounts and snoop on my stuff anyway, I might as well let them be the keeper of the keys rather than someone else. :p
     
  12. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
    I didn't bother to read the article. If it's passwords and the government, I already know it's a bad idea!
     
  13. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Here in Canada we're on the way to (hopefully) enabling a single log-in for accessing all federal-government online services and moving from one to another without having to log out of the first and into the second. So far Service Canada has the most comprehensive groupings, including benefits, citizenship/immigration matters, particularly passports, and parts of the tax system (e.g., you can view any government-issued T4 or T4A, change your address or other contact info, and set up or revise direct-deposit info for all payments from the government (federal or provincial)). Most other tax-related matters, however, require a separate log-in with Revenue Canada.

    Speaking of Rev Cda, they're taking strong measures to "encourage" individuals to deal with them strictly online. As of 2013 (for the 2012 tax year), they're no longer mailing out tax forms or accepting phone filings -- you can phone them and ask for a package to be mailed to you, but they make it clear they prefer you'd file online. There's typically a number of online services and apps available, but they each have to be re-certified by the government every year, and they're slow as molasses with that process so it's typically mid-Feb or even March before one you can use gets approved, no fun if you're expecting a refund.

    There are some useful inter-government services available too. Ontario's Trillium Drug Plan, which covers most of your prescription expenses on a geared-to-income basis, can (with your written consent) get your income info direct from Rev Cda, which saves having to re-apply every year with a ton of paperwork.
     
  14. Tipsy

    Tipsy Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    207
    identity theft.
     
  15. noway

    noway Registered Member

    Joined:
    Apr 24, 2005
    Posts:
    351
    All your base are belong to U.S.
     
  16. FreddyFreeloader

    FreddyFreeloader Registered Member

    Joined:
    Jul 23, 2013
    Posts:
    527
    Location:
    Tejas
    Ha ha ha! I can't stop laughing after reading the article. What next - taking a drug test to log in?
    Thanks for the share.
     
  17. hogndog

    hogndog Registered Member

    Joined:
    Jun 9, 2007
    Posts:
    628
    Location:
    In His Service
    @Rilla927 You're spot on, this has been in the works for a very long time.. If this is what I think it is we are all in for a rocky boat ride..
     