Sheire presented his vision of a 2016 ecosystem whereby security would be built-in to systems and the following would be possible:
- Apply for a mortgage online with an e-signature
- Trustworthy critical service delivery
- Security ‘built-into’ systems to reduce user error
- Online shopping with selective sharing of PII
- Secure sign-on to state website
- Privately post location to friends
The current problem, Sheire said, is that “user names and passwords are hopelessly broken – either people have too many passwords for too many sites, or they have one password across many sites.”
In 2011, 11.6 million Americans were victims of password hacks, at a cost of $37 billion, Sheire said. “Password attacks are an increasingly common vector of attack.” Measures to counteract said attacks, however, including password change demands and account set-ups, are alienating users, he said. “If it’s not simple, it’s ultimately not secure”, Sheire admitted.
In a society where personal data is “abundant and growing”, trusted identities need to provide a foundation, Sheire advised. Privacy, he confirmed, remains of challenge, due to the “honeypots of data waiting for cybercriminals to abuse them.”
“The private sector needs to lead this effort – not the government”, he said, adding the objective is to build online trust. “The Federal government should provide support for the international identity ecosystem, and the Government need to act as an early adaptor to stimulate demand.”