Forbes reported on the recent release of the National Strategy for Trusted Identities in Cyberspace in an article by Kashmir Hill dated April 15, 2011. The article provides a great understanding of what the NSTIC aims to accomplish and why it was necessary in the first place.
Essentially, the days of the username and password are over, and, according to Commerce Secretary Gary Locke, the time has come to "'create a more secure online environment.'" During a recent event at the U.S. Chamber of Commerce, Secretary Locke tried to dispel conspiracy theorists' claims that the NSTIC is really a national online ID system. Although government-sponsored, the NSTIC "is intended to be led by industry."
In a nutshell, "the more places you keep a username and password, the more opportunities hackers have to break in and crack your system. Of course, you want to make sure that your main identity authenticators are secure ones. . . ." The rub with the NSTIC is that "industry" includes Facebook, Google, and JPMorgan Chase (i.e., several businesses with different missions and priorities). As Leslie Harris of the Center for Democracy and Technology recently put it, putting the NSTIC into practice will require a "'spray bottle of water and a lot of cat nip' as it will be like herding cats."
Let's hope not.
For the entire article from Forbes, follow the link above, or click here.