Almost everything we do online requires an account and password authentication of some sort—banking, shopping, filing tax returns, and streaming movies. Best practices teach us that we should change passwords frequently, use different passwords for each online account, and pick passwords that are unique and not easily guessed. With dozens of online passwords to remember, however, best practices go out the window. It’s time for a change—thankfully, alternative ways to authenticate users are in the works.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) is a White House initiative that supports collaboration between the private sector, advocacy groups, and public-sector agencies to encourage the adoption of secure, efficient, easy-to-use and interoperable identity credentials to access online services in a way that promotes confidence, privacy, choice and innovation. NSTIC is seeding an industry-led initiative to build a better login.
Announced via a recent NIST press release, three pilot programs were awarded NSTIC grants, totaling $3 million. The three pilot programs are intended to lay the foundation for a global ID exchange. In this new scenario, an Internet user would register for a single login credential that would work for any number of common online transactions, such as online banking, booking train tickets, and video streaming.
“The Commerce Department [NIST] is committed to protecting a free and open Internet, while also working with the private sector to ensure consumers’ security and privacy,” said U.S. Deputy Secretary of Commerce Bruce Andrews. “The grants announced will help spur development of new initiatives that aim to protect people and businesses from online identity theft and fraud.”
The pilot programs are:
- GSMA, a mobile trade association in Atlanta, GA, will partner with the four leading wireless networks (e.g., Verizon, T-Mobile, AT&T, and Sprint) to create a consolidated sign-on solution. As a result, a smartphone user’s mobile number and the data contained in the device’s secure SIM card could be used to prove identification. GSMA’s grant totals $821,948.
- Confyrm, located in San Francisco, California, will partner with several undisclosed participants (e.g., an Internet email provider, a major mobile network and multiple e-commerce sites) to find a way to flag login fraud, which would limit any potential ID theft or data breaches. Confyrm’s grant totals $1,235,376.
- MorphoTrust USA, located in Billerica, Massachusetts, will partner with North Carolina’s Departments of Transportation (DOT) and Health and Human Services (DHHS) to expand on North Carolina’s driver’s license solution to create a digital credential for those applying online for the North Carolina DHHS Food and Nutrition Services (FNS) Program. This solution will eliminate the need for people to appear in person to apply for FNS benefits, reducing costs to the state while providing applicants with faster, easier access to benefits. MorphoTrust USA’s grant totals $736,185.
In addition to the programs mentioned above, the federal government is launching a service called Connect.gov sometime this month that will allow citizens to access various dot-gov applications with a single sign-on (for example, users could use their Gmail credentials to open various agency webpages that are behind firewalls, such as veterans’ health records).
For more information regarding the password replacement initiatives, see the NIST press release.