The Commerce Dept. unveiled a plan Friday to create a national cyber-identity system that would give consumers who opt in a single secure password and identity for all their digital transactions.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) will be a voluntary system designed to protect consumers from online fraud and identity theft -- which hit 8.1 million people last year, at a total cost of $27 billion. The problem: The current system of half-remembered passwords jotted down on post-it notes and based on pets and maiden names simply isn't good enough.
"Passwords just won't cut it here," said Commerce Secretary Gary Locke, who announced the initiative at the U.S. Chamber of Commerce. “We must do more to help consumers protect themselves, and we must make it more convenient than remembering dozens of passwords,” he said.
The "identity ecosystem" will create secure online IDs for Americans who elect to join the program, giving them a single credential -- such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password -- which they can use to log on to a variety of websites.
Instead of having to remember all those disparate passwords, one for each site that conducts a secure transaction, a consumer would use that single credential to log in, with far more security than a password alone would provide, the agency said.
That log in could be anything: a smart card, a cell phone, a keychain fob, or some other type of gizmo.
And if a user so chooses, they can elect to have several log-ins from different credential providers. Want a key fob from Google and cell phone software from Verisign? Go for it, both will work -- though having two would reduce the simplicity factor, of course.
NSTIC also aims to protect consumers' privacy from the vast array of companies that collect data on their websurfing activity, letting them surf anonymously online. It would not create a centralized database of information, the agency said, because consumers will be able to choose from a variety of programs within the cyber-identity system.
But it's not ready yet. To make the proposal a reality, a multitude of companies have been enlisted to build software, develop new standards and make hardware that will make up the system, including Microsoft, IBM, the Secure ID Coalition and Wave Systems Corp, which exhibited a system for securely accessing a wide variety of websites with just a single password.
"This ecosystem will provide citizens with a variety of choices for authenticating their identity online while helping to protect their security and privacy," said Scott Charney, corporate vice president of Microsoft.
Jim Dempsey, a vice president with the Center for Democracy and Technology, agreed that the program would help address the problems of online threats.
"I think there's a model here perhaps for the broader question of cybersecurity ... the Administration, to my view, has conducted a very open process here," he said.