A post relating to this item from Finextra:
03 November 2008 | 7821 views | 0
A memory stick containing passwords for a UK government services Web site where members of the public register to complete their tax returns has been found in a pub car park after being lost by contra...
I have no doubt that mobile authentication might be a better approach than the dongle full of passwords you're supposed to leave in the office. While it's handy to have a USB stick to carry data around, it might prove easier to secure that data with mobile
authentication and have it never leave a secure IT domain.
The first thing that occurred to me is that if the person who lost their USB stick outside a pub lost their mobile phone in similar circumstances they would notice almost immediately. That would reduce the risk.
Secondly, I can't see how anywhere that an individual might have other individual's logons or passwords could ever hope to be a secure environment. That is why we have individual logons and passwords. The risk of damaging a business unit by putting employees
in a position where they might be blamed for another's actions would be enough incentive to have not such a policy, if the potential litigation risk after an incident and loss of customer confidence wasn't enough. Insider fraud or malicious acts occur all
too commonly and the potential damage to employee morale and reputation is very real.
ID can and should increase personal safety and a mobile solution can address any need from the driver/policeman and cable repairman/household viewer through to the merchant at the other end of the world. No other method could provide so many benefits for
so many people so quickly.
It's all too obvious that when it comes to identity, we're ultimately all going to have to 'speak the same language' and apply the same standards. It is absolutely necessary infrastructure for almost everything we do whether in Mumbai, Miami or Madrid and
all the places in between. We need it even if we don't visit anywhere in our lives. We need to trust the person or organisation in that digital marketplace, and in the final analysis - an individual.
The current fractured approach to the same essential process defeats us all and undermines the integrity of everything we do and then distracts us with the dramas that such disparate systems invite.
Everyone needs their identity - and they need it with them almost all the time. It's time to put it into the one practical device that most of us aspire to carry. Let those who don't want the other features comply with the majority, for the choice has already
been made. It's clear that the favourite is the mobile phone, and even those who do not wish to buy one would be far better off with a $20 disposable and enjoy all the benefits that mobile ID can bring.
Mobile authentication won't cure everything, we'll still need encryption and data security and effective storage procedures but it will fix a lot of things. It could fix the internet for a start and reduce costs in every area of government. The arguments
have all been made for an ID card and the response from the public was less than enthusiastic. Of course, because no-one could see a personal benefit in a card yet they could easily see the risks. A mobile ID can provide clear benefits everyone can see and
understand and cleary reduce the risks.
It's a good time for governments to look at a unified inter-operable approach to identity and access security where overall risks are reduced and the methodology provides for easier administration and crystal clear accountability. With governments holding
stakes in so many financial institutions, that taxpayers' money should be able to produce some productivity benefits and a low cost mobile solution might just provide more than expected.