National Strategy for Trusted Identities in Cyberspace

So the US government is proposing to issue online identities so we can do away with all of our individual user names and passwords. At least that is what I think they are talking about. See what you think and let us know what you think about it.

http://www.foxbusiness.com/personal-...est=latestnews
  • Dan C. Rinnert
    Hackers will probably love this.

    Right now, a problem is that some people will use the same password for everything. That's a big security issue. Once someone cracks one site and gets your password, they can potentially access every account you have online.

    You can help reduce the impact by using different passwords.

    What happens when people use the same ID for everything online?

    It gets that much easier for hackers to crack into every account you use.

    They'll just target the weakest link in the chain. If that gets fixed, they'll find another.

    And, what happens if your ID is compromised? Will you have to apply for a new one? Will your accounts be frozen in the meantime? Will they still be open to the hacker to abuse or withdraw funds? How long will it take to get a new ID? What paperwork will be involved? Will you have to stand in line at something like the DMV? Maybe a Department of Internet Access?

    I would not be interested in voluntarily jumping into something like that, but you have to wonder how long "voluntarily" would be truly voluntary? If certain sites required it, it becomes less voluntary and more mandatory.

    You know how I've largely resolved the problem of handling multiple accounts and passwords across multiple sites? Organization. And it didn't require government intervention or expensive purchases.
  • timpears
    Yes, when I read this I thought to myself, the good ole government is headed down another rabbit hole.

    Just imagine, if they screw this up as bad as they have with the Post Office, and all the other nightmare agencies, there will be hell to pay. Identity theft is pretty bad now, it will be more than a nightmare after this.

    My thought is not only no, but hell no. I am doing a pretty good job of it by myself thanks.
  • seasoned
    The proposed system is ONE pass! That means it is ********ILLEGAL********! It violates HIPAA, PIN, etc.... It is ALSO easy to do things like STEAL INFO! And there is a SINGLE point of FAILURE! It is just DUMB!

    Frankly, I think it should be a TWO pass system! The first pass is that they should allow the FULL spirit of HIPAA to be fulfilled! This will allow patients to monitor their care and spot fraud and be able to access their records! It means that hospitals will NO LONGER have to ask the patient all these needless questions, etc.... And the person should be able to set up their OWN IDS, with PROFILES! Needed access can be had by entering the ID with the first and last name of the person followed by the last 4 of the social security number. The SAME should be done through the DOJ, for police, FBI, DMV, military, etc... info. The IRS for income. etc....

    So what does THIS do? It limits access of data to ONLY those that should have it, uses existing databases, etc.... is SIMPLE, NO single point of failure, etc.... The ONLY ones that can access the data are those that have it, or those you want to. YOU control the distribution of access. Oh yeah, YOU get the access you always should have but really didn't and it lowers everyone's costs, INCLUDING the government's.

    And WE don't really have to see ANY changes! gmail, warrior forum, etc... would use the SAME user/pass system. The changes above would be for things like day care centers, where you could have an ID/SEX profile that THEY could use that would go to the DOJ and see if you are allowed to deal with children, etc..., or a loan company could go to the bank with a BANK/CREDIT profile to verify you are a good risk, etc....

    ALSO, with a dual pass system, the third party site could be hit only when needed! For ID access maybe once a month, for credit on new apps, etc...

    BTW the system they show in the picture seems to be the ultra secure type SOME companies use. I have only seen TWO companies use it, and THEY only used it in SOME areas. The idea is a gadget will NOT allow you to enter unless you type a code that KEEPS CHANGING! A gadget, like that pictured above the keyboard in the person's hand pictured, shows you the code. You type that code in, in ADDITION to the user and password! If you don't have the right connection, the right gadget, AND the user/pass, you can't get in.

    Of course, that is ALREADY really about 30 years ANCIENT! TODAY, they have a gadget that requires a password that may be THOUSANDS of characters long, and some might not be typable. Sounds COMPLICATED, right? WRONG! It is called an SSL CERT! If your computer makes the wrong connection, has the wrong cert, or you use the wrong user/pass, it won't work. THOUSANDS, possibly HUNDREDS of thousands, of companies use that today. It is used for things called VPNs! SOME are even tied to the USER! PAYPAL PRO uses it!

    Steve
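
The changing-code gadget described in the last post, sketched as an added example that is not part of the thread. It assumes the token follows the open TOTP standard (RFC 6238), which the post does not state; `SECRET`, the password, the salt and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed sample values (SECRET is the RFC 6238 test key), not from the thread.
SECRET = b"12345678901234567890"
PW_SALT = b"constructed-salt"
PW_HASH = hashlib.pbkdf2_hmac("sha256", b"correct horse", PW_SALT, 100_000)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Code the token displays during the 30-second window containing unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def login(password: str, code: str, now: int, last_used_step: int = -1):
    """Return (ok, step). Both factors must match, and each code works once."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), PW_SALT, 100_000)
    pw_ok = hmac.compare_digest(candidate, PW_HASH)
    matched = -1
    # Tolerate one window of clock drift on either side of the server's time.
    for step in (now // 30 - 1, now // 30, now // 30 + 1):
        if step <= last_used_step:
            continue  # window already consumed: reject a replayed code
        expected = totp(SECRET, step * 30).encode()
        if hmac.compare_digest(expected, code.encode()):
            matched = step
    if pw_ok and matched >= 0:
        return True, matched
    return False, last_used_step


if __name__ == "__main__":
    print(totp(SECRET, 59))                          # code on the token at t=59
    print(login("correct horse", "287082", 59))      # both factors correct
    print(login("correct horse", "287082", 59, 1))   # same code replayed
```

The server stores the returned step and passes it back as `last_used_step`, so a code that was observed while being typed cannot be reused inside its own window.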