http://publicstrategist.com/2008/09/some-sharing-about-secrets/ Working to make government work better Mon, 09 Jan 2012 23:01:00 +0000 hourly 1 http://publicstrategist.com/2008/09/some-sharing-about-secrets/comment-page-1/#comment-43 Chris Tue, 09 Sep 2008 13:48:04 +0000 http://publicstrategist.com/?p=58#comment-43 PS (either my html attempt failed, or the html is blocked) - to give Jerry Fishenden due credit, 'minimal disclosure tokens' was supposed to link here: http://www.computerweekly.com/Articles/2008/06/30/231283/identity-assurance-for-the-uk.htm PS (either my html attempt failed, or the html is blocked) – to give Jerry Fishenden due credit, ‘minimal disclosure tokens’ was supposed to link here: http://www.computerweekly.com/Articles/2008/06/30/231283/identity-assurance-for-the-uk.htm

]]> http://publicstrategist.com/2008/09/some-sharing-about-secrets/comment-page-1/#comment-42 Chris Tue, 09 Sep 2008 13:44:09 +0000 http://publicstrategist.com/?p=58#comment-42 A thought-provoking post with, as you say, no obviously right answer. My main gripe with the current situation is that each organisation has its own way of doing things, I suppose based on the software they employ and the sensitivity of the transaction involved. And one is advised to choose different passwords so that if the Amazon one is comprised, it won't be put straight into eBay as well. So I have dozens of passwords that I have to write down somewhere or forget them. Will any combination of secrets, PINs and external hardware really get round this? And is the other extreme, such as a single, integrated, online ID verification system (presumably along the lines of Mastercard SecureCode or Verified by Visa, or minimal disclosure tokens), where the organisation I am transacting with links through to a central point to authenticate my identity, any better (assuming that if this becomes comprised then the fraudster can use it to access any organisation)? A thought-provoking post with, as you say, no obviously right answer.
My main gripe with the current situation is that each organisation has its own way of doing things, I suppose based on the software they employ and the sensitivity of the transaction involved. And one is advised to choose different passwords so that if the Amazon one is comprised, it won’t be put straight into eBay as well. So I have dozens of passwords that I have to write down somewhere or forget them.
Will any combination of secrets, PINs and external hardware really get round this?
And is the other extreme, such as a single, integrated, online ID verification system (presumably along the lines of Mastercard SecureCode or Verified by Visa, or minimal disclosure tokens), where the organisation I am transacting with links through to a central point to authenticate my identity, any better (assuming that if this becomes comprised then the fraudster can use it to access any organisation)?

]]>