Senior Executive Advisor for Identity Management
National Institute of Standards and Technology
|Sign up to receive |
NSTIC email updates
The Internet has become indispensable for most of us. Shopping. Connecting with friends. Banking. Blogging. Reviewing medical records. We use it for just about everything.
Unfortunately, on the Internet as in life, not everyone is looking out for our interests. Cyber crime costs individuals and businesses billions of dollars every year. An estimated 11.7 million Americans were victims of identity theft of some kind including online identity theft over a recent two-year period.
A recent Federal Bureau of Investigation report stated that "identity theft has emerged as a dominant and pervasive financial crime that exposes individuals and businesses to significant losses and undermines the credibility and operation of the entire U.S. financial system."
A contributing factor is the unmanageable number of passwords people must remember to access their online accounts. Many people don't even try; they just re-use the same ones for all of their accounts, making it that much easier for identity thieves.
The National Strategy for Trusted Identities in Cyberspace (NSTIC) envisions a cyber world - the Identity Ecosystem - that improves upon the passwords currently used to log-in online. It would include a vibrant marketplace that allows people to choose among multiple identity providers - both private and public - that would issue trusted credentials that prove identity.
For example, student Jane Smith could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. If she uses one of these credentials to log into her Web email, she could use only her pseudonym, "Jane573." If however she chose to use the credential to log-in to her bank she could prove that she is truly Jane Smith. People and institutions could have more trust online because all participating service providers will have agreed to consistent standards for identification, authentication, security, and privacy.
Some key benefits: