Outlook 2013

ID management moves past passwords


Slowly but surely, progress is being made on the creation of online identification and authentication systems that will meet the needs of federal agencies and commercial entities.

That progress is a result of the Obama administration’s National Strategy for Trusted Identities in Cyberspace (NSTIC), which launched in April 2011. NSTIC’s recently formed Identity Ecosystem Steering Group, which is federally funded but led by the private sector, is seeking to set standards for identity management systems across multiple platforms.

After the group gathered for a second time in December 2012, Aaron Titus, chief privacy officer at Identity Finder and the group’s Management Council delegate for privacy and civil liberties, said its preliminary progress in developing standards and use cases is promising.

Outlook 2013

Read the other stories in our Outlook 2013 feature package. Click here.

In the past year, NSTIC has developed a standard identity management scheme that consists of seven requirements. It recently conducted three pilot projects to test privacy-enhancing cryptography and two projects that use non-cryptographic privacy features; it plans to analyze the results in the coming year. “That’s where the ID world is going right now — toward identity ecosystems,” Titus said.

In such an ecosystem, a person who logs onto a social media site or online bank account would be authenticated by a trusted identity provider in accordance with NSTIC’s seven requirements, while the user’s privacy remains protected.

Roadblocks include the cost for providers and inconvenience for users, but Titus said the increase in the incidence and cost of identity theft — for individuals and businesses — could be a powerful motivator for speeding up the process.

“It is easier than ever to commit ID theft,” Titus said. And as users’ online identities become more interconnected, the ease with which a criminal can turn a hacked Facebook account into control over a user’s bank accounts is on the rise.

Accordingly, organizations are beginning to realize that basic credentials such as passwords aren’t secure enough anymore, said Ray Wizbowski, vice president of strategic marketing at Gemalto.

“If you take a step back and look at what is happening with NSTIC, there is a mass movement across even social networking sites away from basic credentials to secure credentials,” Wizbowski said. “That is the mega-trend for the next year.”

Tom Flynn, vice president of online authentication at Gemalto North America, said 2013 will likely see federal agencies move toward digital data control, with biometrics and cryptographic authentication likely methods that could drive federal policy.

“The process of vetting IDs is going to evolve,” Flynn said. “The way things are moving, you will see organizations ramping up funding for proper technology in doors, networks and mobile devices.”

Mobile technology will be less of an afterthought in ID management in 2013, he added, noting that “mobile as an authenticator [and] mobile as a derived credential holder” are conversations that are already happening.

The question that many would like to see answered in 2013 is whether federal agencies will lead or follow the commercial world in terms of ID management. How the federal government gets involved in privacy and security standards and requirements will be a key factor in what happens in the coming year in ID management.

About the Author

Frank Konkel is a former staff writer for FCW.


  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected