The U.S. Commerce Department has been handed the authority from the Whitehouse to create an Internet ID for Americans as one of the latest efforts in Cybersecurity policy. The idea is that everyone would have one secure login to access many services online to increase security and privacy and reduce the need to remember numerous passwords.The idea of a central login is not new. There have been several attempts over the years by different organizations to implement something similar, anyone remember Microsoft Passport? In recent years companies like Google have implemented a single sign-on for all their services. The OpenID, which is an open standard to authenticate users across different websites has also gained ground in recent years, however it is not without its critics. In a recent episode of .Net Rocks, Rob Conery discusses why he has stopped using OpenID due to problems outlined in his blog post, OpenID is a Nightmare, including authentication issues and working with the specification. One major concern with any single sign-on approach is the possibility of those credentials getting into the wrong hands with the potential of all online accounts being compromised.
Along with the existing fears of a single login, many are worried about the government managing their usernames and passwords. CNET reported on the event at Stanford Institute for Economic Policy Research where US Commerce Secretary Gary Locke stated, “We are not talking about a government-controlled system. What we are talking about is enhancing online security and privacy and reducing and perhaps even eliminating the need to memorize a dozen passwords, through creation and use of more trusted digital identities.” It was also made clear that users will not be forced to sign up for the new Internet ID, this will be completely optional and that the project would be managed by the private sector.
Many of us use the same password for multiple websites currently, which is often frowned upon by security specialists, so perhaps the move to a single login could be a positive one. Until more details are shared concerning the new ‘Internet ID’ it will be difficult to determine whether it will become a long term success for increased security and convenience, or if it will have a similar fate to Microsoft’s Passport.