Passwords obsolete under new security standards

By Reuters
Posted Friday at 2:52 p.m.

The Obama administration urged the private sector Friday to develop methods that consumers can use instead of passwords to identify themselves online and, in some cases, in brick and mortar stores.

“The Internet has transformed how we communicate and do business,” said President Barack Obama in a statement accompanying release of a national strategy to safeguard identity on the Internet.

“But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year,” the president said.

As part of the strategy, the Commerce Department is asking the private sector to create a system or systems that can identify Internet users in a way that safeguards their privacy, is secure, is interoperable and is cost-effective.

Participation would be voluntary.

“Consumers who want to participate will be able to obtain a single credential — such as a unique piece of software on a smart phone, a smart card, or a token that generates a one-time digital password,” the Commerce Department said in a statement.

Millions of people are victims each year of identity theft, which costs victims an average of $631 and 130 hours to recover from, the Commerce Department said.

Earlier this month, a long list of hotels, financial institutions, retailers and others revealed that customer names and email addresses had been stolen by hackers, giving the criminals useful information to be used in identity theft. The strategy is a way to eliminate passwords — which are unwieldy for users and ineffective in many cases — to have them go the way of the dodo.

But the Commerce Department is also keenly aware that any attempt by the federal government to create a national identity card would be extremely controversial.

Companies at a Chamber of Commerce event to kick off the effort included Google, Symantec, eBay subsidiary PayPal, Microsoft and Northrop Grumman Corp.

Read more about the topics in this post: , , , ,

Companies in this article


Read more about this company »


  1. Natalia Friday at 3:00 pm

    para columna semana santa

  2. Barbyr Friday at 3:18 pm

    I’d like to be the first to say “Whatever it turns out to be, it won’t work.” There are too many people willing to work harder in criminal enterprises than they would if the actually got a real job. Which is probably due to the fact real jobs generally pay so poorly.

  3. meaux Friday at 3:25 pm

    Sounds like a major move toward a national ID card. Do we want the Statists following our every move.

    Doesn’t surprise me coming from BO. Just as he wants – the big brother government gets bigger.

  4. Glen Friday at 3:26 pm

    Obama, the Great Time Waster.

  5. Lila Friday at 3:27 pm

    “Earlier this month, a long list of hotels, financial institutions, retailers and others revealed that customer names and email addresses had been stolen by hackers, giving the criminals useful information to be used in identity theft.”

    And is this the consumer’s fault? Seriously, the buck always seems to stop with us no matter what happens. No. Any company that has that problem because many companies won’t pay for proper security is really their problem. YOU should be “self-reliant” and responsible for YOUR own problems. YOU straighten it out.

  6. Albigensian Friday at 3:56 pm

    Identity security is mostly based on one of three things (or some combination of these):
    1. What you have (physical key)
    2. What you know (password), or
    3. What you are (biometrics- retina, fingerprint)

    Mostly (1) is the lowest level of security, as “what you have” is not infrequently lost or stolen.

    That being the case, what is the point of this proposal to use “what you have type security ( “such as unique piece of software on a smart phone, a smart card, or a token” as proof of identity??

  7. PJH Friday at 3:56 pm

    I work in the IT industry. Honestly, I’m not sure how one would even implement such a thing without being seriously burdensome on a national basis. More importantly, anything that can be implemented can be hacked. For all its faults, the nice thing about today’s situation is that if something is compromised, it only affects a small part of your life. I shudder to think what would happen if a person got complete access to my life based on one card, password, or whatever.

  8. CCRider LLC Friday at 3:57 pm

    You can take away my passwords when you can pry them from my cold, dead fingers (figuratively speaking, of course). I don’t care what kind of technology you come up with, I still want to be able to have a layer of security that comes only from the imagination of my own mind…

  9. Leonard Hamilton Friday at 4:11 pm

    Stop wasting money on nonsense such as this. Hackers can break in to any system, no company is 100% hacker proof and most theft comes from employees anyway.

  10. Former IT guy Friday at 4:25 pm

    Great comments! The consensus seems to be give up and give in (and a little hate and paranoia re the prez). What a bunch of losers. The idea is to keep a step ahead of the criminals – duh – else the whole system will collapse.

  11. Revelation Friday at 4:26 pm

    Good idea. Everybody can receive a personal identification, or a “mark” if you will. Then, to ensure all transactions are secure, those who refuse the mark will not be able to buy or sell. This is starting to sound like a book I read. . .

  12. edinelgin Friday at 4:35 pm

    Can we test the system by using biometric identifies to combat illegal immigration?

  13. Jim Schuh Friday at 4:36 pm

    How about a tattoo on the forehead: 666 ???

  14. greg Friday at 4:37 pm

    It’s going to be the implanted chip, just like the Rothschilds have wanted for 400 years.

  15. Obama, where did your advisors study Computer Science? You’re an idiot. Do something more worth while you’re still in office.

  16. it’s Gore’s fault…he invented the internet

  17. CC Rider Friday at 4:56 pm

    Hey “Former IT Guy”,
    Instead of just bashing the people who you obviously disagree with, why don’t you tell us how easy this scheme will be to implement, and just how effective you think it will be. If all you got is personal insults, then please stay in the “former” category….

  18. Johanna Friday at 5:02 pm


  19. DHW Friday at 5:18 pm

    If we get National I.D. cards under this administration, and later on the Republicans are voted into office, do you think the Republicans will abolish the National I.D. card?

  20. nrb Friday at 5:27 pm

    For some reason the song by Rockwell from the 80’s “Somebody’s watching me” immediately popped in my mind. 27 years later, and he hit the nail on the head.

  21. Saa Friday at 5:29 pm

    Uhm considering that all the military relies passwords, let’s have these people do something else first. Instead here comes more government group think rather than actual leadership from the government. Where can I sign up to participate in a “forum” that decides nothing at taxpayers’ expense? Free trip to Hawaii!

  22. Jeff Friday at 5:38 pm

    More likely one would see a token plus password (or even PIN to keep it a bit simpler) system to stall thieves of the token until it is reported lost — much like with an ATM card. Biometrics are great when you can control the hardware, such as for door controls, but aren’t the best for over the Internet.

  23. Mary Ann Friday at 6:38 pm

    I have been “Banking OnLine” for almost a year now and was skeptical about doing it until my bank assured me I was encrypted and safe with my own password. I have not purchased anything online as of yet. We learned a lesson about signing any document without one another’s approval. This sneaky insurance company deducted $49.50 out of our checking account; I had to borrow from our savings account to cover the deduction so there would be no NSFs. It shorted us also. This company is affiliated with our bank and they got into our account without notification or our bank account no. To me it is a way of fraud. Check your bank balance every time you receive your statement.

  24. Dr. Roadlife Friday at 7:09 pm

    And this is coming from the administration that let go the USA control of the Internet.

  25. Alz Friday at 7:16 pm

    This is why the Administration is building ginormous datacenters. They’ll be peeking into everything. It won’t be long until the IRS gets into our stuff.

    And what about Obamacare? People with bad habits will be nicked with higher government costs.

    Just keep in mind that the government hates the freedoms on the internet. That terrible “Net Neutrality” is another one to be against.

  26. Matt Friday at 7:17 pm

    I find it ironic people are afraid of a government database of some sort, but yet willingly give up far and away more information on Facebook.

  27. Mr.Nick Friday at 8:12 pm

    What this clown wants is a permanent internet cookie for EVERY USER..

    MMM what can the government do with that???

    It kinda limits anonymity doesn’t it?

  28. You're all idiots Friday at 8:37 pm

    It’s not surprising that majority of commentators are complete idiots and have no business speaking about the subject.

    Password-less authentication systems are already in place, which includes transactions the everyday person is accustomed to, and does not necessarily include biometrics (for all you tinfoil hat fashionistas). There’s no harm or disadvantage to dedicating research on how it can benefit the country (and world) as a whole.

  29. mike Friday at 8:44 pm

    Sorry to inform everyone but this technology is already in use today by tech savy companies. The only ones that loose data are teh old dinasours There are tracking databases that can give an online retail a guarantee that the person shopping from a particular is who they same they are. Again sorry They ads on the front page of teh tribune we chosen soecifically for you. If you knew what really went on you wouldn’t worry about an id. If you have an Ipass in your car they know where you are ever minute of the day.

  30. chris Saturday at 1:15 a.m.

    whether it’s a RSA public key, a private key, a password, biometrics, etc…what’s to stop hackers from exploiting anything new?….and what’s to stop the government from exploiting our info for themselves? technology can always be reverse-engineered, and private information can always be abused! ….just GOOGLE: RSA Hacked

  31. Wise investor Saturday at 10:27 a.m.

    Check out BKYI.OB, BIO-KEY for biometric fingerprint products. Rec’d part of the FBI’s Next Generation ID program…has multiple partnerships with well-known companies for ID theft protection, smartphone applications, PCs/laptops, healthcare/prescription, retail, etc.

  32. Wick Saturday at 11:56 a.m.

    You might look at … they have a pretty good appoach to this… JMHO

  33. Big_Mack1 Saturday at 6:36 pm

    Passwords are the weak link in any system. You could have the most secure network in the world, but as soon as some nitwit uses his pet’s name for his 6-letter password, that secure system suddenly becomes very weak and vulnerable. Biometrics is not completely hack-proof, but it does deter hackers to a less-secure target. I have a small USB fingerprint scanner next to my keyboard that not only verifies thai it is me, but it can also generate a 32-character random character password. Cost=about $10 bucks. Peace of mind? Priceless…

  34. Stancia Sunday at 5:33 a.m.

    Photoshop is an amazing tool for altering reality, but it’s only really great when you’re aware of its effects. There are several tools existing to help people detect Photoshopped images. Of them site Photoshopped Image Killer offers the best result. Unlike other forensic analysis tool, analyzes image integrity in the content level, which is more accurate and reliable.

  35. Jose Sunday at 8:28 pm


Leave a comment

Required. Your email address will not be published.