17 December 2017

44975

Retired Member

3,251Posts 11,857,864Views 3,524Comments
Whatever...

Whatever...

A place to share stuff that isn't at all fintec related but is amusing, absurd or scary.
A post relating to this item from Finextra:

Atos Origin loses UK government data

03 November 2008  |  7845 views  |  0
2957.jpg
A memory stick containing passwords for a UK government services Web site where members of the public register to complete their tax returns has been found in a pub car park after being lost by contra...

What did I say about that dongle? Mobilise me please.

03 November 2008  |  2978 views  |  1

I have no doubt that mobile authentication might be a better approach than the dongle full of passwords you're supposed to leave in the office. While it's handy to have a USB stick to carry data around, it might prove easier to secure that data with mobile authentication and have it never leave a secure IT domain.

The first thing that occurred to me is that if the person who lost their USB stick outside a pub lost their mobile phone in similar circumstances they would notice almost immediately. That would reduce the risk.

Secondly, I can't see how anywhere that an individual might have other individual's logons or passwords could ever hope to be a secure environment. That is why we have individual logons and passwords. The risk of damaging a business unit by putting employees in a position where they might be blamed for another's actions would be enough incentive to have not such a policy, if the potential litigation risk after an incident and loss of customer confidence wasn't enough. Insider fraud or malicious acts occur all too commonly and the potential damage to employee morale and reputation is very real.

ID can and should increase personal safety and a mobile solution can address any need from the driver/policeman and cable repairman/household viewer through to the merchant at the other end of the world. No other method could provide so many benefits for so many people so quickly.

It's all too obvious that when it comes to identity, we're ultimately all going to have to 'speak the same language' and apply the same standards. It is absolutely necessary infrastructure for almost everything we do whether in Mumbai, Miami or Madrid and all the places in between. We need it even if we don't visit anywhere in our lives. We need to trust the person or organisation in that digital marketplace, and in the final analysis - an individual.

The current fractured approach to the same essential process defeats us all and undermines the integrity of everything we do and then distracts us with the dramas that such disparate systems invite.

Everyone needs their identity - and they need it with them almost all the time. It's time to put it into the one practical device that most of us aspire to carry. Let those who don't want the other features comply with the majority, for the choice has already been made. It's clear that the favourite is the mobile phone, and even those who do not wish to buy one would be far better off with a $20 disposable and enjoy all the benefits that mobile ID can bring.

Mobile authentication won't cure everything, we'll still need encryption and data security and effective storage procedures but it will fix a lot of things. It could fix the internet for a start and reduce costs in every area of government. The arguments have all been made for an ID card and the response from the public was less than enthusiastic. Of course, because no-one could see a personal benefit in a card yet they could easily see the risks. A mobile ID can provide clear benefits everyone can see and understand and cleary reduce the risks.

It's a good time for governments to look at a unified inter-operable approach to identity and access security where overall risks are reduced and the methodology provides for easier administration and crystal clear accountability. With governments holding stakes in so many financial institutions, that taxpayers' money should be able to produce some productivity benefits and a low cost mobile solution might just provide more than expected.

 

TagsSecurity

Comments: (2)

Steve Liles
Steve Liles - Sheffield Computer Systems PL - Sydney | 03 November, 2008, 21:19

I agree wholeheartedly, Dean.  This whole business is getting out of control!  What will we have to wait for next...our first line of defence to break down because someone forgot their password?..or maybe there will be a mandate to have the password tattooed on their private parts?...no I won't go there!!  And a safe place to put the token device for one-time passwords...Oh my G**, I'm definitely not going there!!  So here it is, the message is clear to all governments, start now to put in place a new authentication paradigm...and if you don't know how...just ask.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
A Finextra member
A Finextra member | 03 November, 2008, 22:25

Yes Steve, I can't really see the queue's lining up like at an iPhone launch enthusiastically proclaiming 'donglize me!'. You can only take so much dongling.

Enough with the dongles.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Retired's profile

job title
location
member since 2014
Summary profile See full profile »

Retired's expertise

Member since 2009
3181 posts3,524 comments
What Retired reads

Who's commenting on Retired's posts

Ketharaman Swaminathan
Raymond Lee
James Andrew
Dharmesh Mistry
David Andrzejek
Ralf Ohlhausen
Tom Hay
Nicola Cowburn
Michael Wright
Charmaine Oak
Francis Chlarie