The Glorious End Of User Names And Passwords

[Nagishkaw 510]

Ever since the first lock and key or digital log-in and password were created, logical security and physical security have always been two separate concepts. Technologists have searched for decades attempting to find a converged solution and narrow the gap between protecting one's identity and controlling access to physical and virtual interactions.

Throughout this search, the holy grail of security and identity is to find an appropriate biometric key to fuse physical and logical worlds. Biometric solutions have been an important key to protecting identity, unlocking access control and ensuring transactional integrity--but until now there has not been a scalable, cost-effective, easy-to-use biometric solution available.

Since Alexander Graham Bell invented the telephone, the world has been careening toward a singular moment where information, action and the physical realm all combine into one. And in the coming year or two, we will see a technological leap that will change the world of identity management. Plainly said, your iris will unlock the world.

Iris-based biometrics have been a technology generally relegated to movie screen fiction and the not-so-distant future. Today that is no longer the case--the technology is here. As you read this, iris-based technology is rolling out to the institutional, governmental and consumer markets. Within a year millions of Americans and Europeans will gain access to their offices, their homes and their computers just by looking at a small device that will capture the 2048 unique points of information in each of their irises while in motion, and at a distance.

Soon, every financial transaction will be secured by a biometric signature. Small devices attached to your computer, and eventually sensors around the world, will eradicate financial fraud and ensure that you are who you say you are.

Yes, the idea that your identity will be, captured on camera and put in a data base may set off the ultra liberal and conservative elements within our society. But the real issue here is not for those who worry about the government monitoring your activities; where you are going or what you are buying. This is about protection--the real issue is what it would cost both you, in your personal life, and the government, in its attempt to be as secure and fraud-free as possible, not to employ this technology?

Putting aside the likelihood that the FBI, TSA or Customs departments could have identified and prevented 9/11 from happening had the airlines linked their systems to a international database, the costs to the consumer for identity-based financial fraud each year are staggering. Though there are no definitive global figures on losses from credit-card fraud, as most financial institutions are tight-lipped on the subject, FBI reports indicate over $315 billion in U.S. financial fraud losses each year.

These costs are directly passed on to consumers. For example, when you go to the store and make a $100 purchase with your credit card, for that $100 item, the retailer gets approximately $98. The remaining $2 is a loss of value that the merchant passes on to you. Furthermore, on this average $100 purchase, 50% of the $2 in fees is for fraud risk. For the average American that adds up to over a $1,000 per year--and that's just credit card fraud.

In a message that resonates loud and clear, a recent study by Unisys found that an individual's concern about fraud supersedes that of terrorism, computer and health viruses and personal safety. By making online transactions more trustworthy while enhancing consumers' privacy, we will prevent costly crime, we will give businesses and consumers new confidence and we will foster growth and innovation--online and across all facets of our economy.

In some ways, we will be able to predict the impact this will have on our society, and in others we can scarcely imagine the effect. All we know for sure is that this is disruptive technology will change our daily lives as we know them, undoubtedly for the better, and make us a more secure, confident, and protected society.

http://www.forbes.com/2011/05/05/user-names-passwords.html

[IR5FORMUMSIE 850]

Ever since the first lock and key or digital log-in and password were created, logical security and physical security have always been two separate concepts. Technologists have searched for decades attempting to find a converged solution and narrow the gap between protecting one's identity and controlling access to physical and virtual interactions.

Throughout this search, the holy grail of security and identity is to find an appropriate biometric key to fuse physical and logical worlds. Biometric solutions have been an important key to protecting identity, unlocking access control and ensuring transactional integrity--but until now there has not been a scalable, cost-effective, easy-to-use biometric solution available.

Since Alexander Graham Bell invented the telephone, the world has been careening toward a singular moment where information, action and the physical realm all combine into one. And in the coming year or two, we will see a technological leap that will change the world of identity management. Plainly said, your iris will unlock the world.

Iris-based biometrics have been a technology generally relegated to movie screen fiction and the not-so-distant future. Today that is no longer the case--the technology is here. As you read this, iris-based technology is rolling out to the institutional, governmental and consumer markets. Within a year millions of Americans and Europeans will gain access to their offices, their homes and their computers just by looking at a small device that will capture the 2048 unique points of information in each of their irises while in motion, and at a distance.

Soon, every financial transaction will be secured by a biometric signature. Small devices attached to your computer, and eventually sensors around the world, will eradicate financial fraud and ensure that you are who you say you are.

Yes, the idea that your identity will be, captured on camera and put in a data base may set off the ultra liberal and conservative elements within our society. But the real issue here is not for those who worry about the government monitoring your activities; where you are going or what you are buying. This is about protection--the real issue is what it would cost both you, in your personal life, and the government, in its attempt to be as secure and fraud-free as possible, not to employ this technology?

Putting aside the likelihood that the FBI, TSA or Customs departments could have identified and prevented 9/11 from happening had the airlines linked their systems to a international database, the costs to the consumer for identity-based financial fraud each year are staggering. Though there are no definitive global figures on losses from credit-card fraud, as most financial institutions are tight-lipped on the subject, FBI reports indicate over $315 billion in U.S. financial fraud losses each year.

These costs are directly passed on to consumers. For example, when you go to the store and make a $100 purchase with your credit card, for that $100 item, the retailer gets approximately $98. The remaining $2 is a loss of value that the merchant passes on to you. Furthermore, on this average $100 purchase, 50% of the $2 in fees is for fraud risk. For the average American that adds up to over a $1,000 per year--and that's just credit card fraud.

In a message that resonates loud and clear, a recent study by Unisys found that an individual's concern about fraud supersedes that of terrorism, computer and health viruses and personal safety. By making online transactions more trustworthy while enhancing consumers' privacy, we will prevent costly crime, we will give businesses and consumers new confidence and we will foster growth and innovation--online and across all facets of our economy.

In some ways, we will be able to predict the impact this will have on our society, and in others we can scarcely imagine the effect. All we know for sure is that this is disruptive technology will change our daily lives as we know them, undoubtedly for the better, and make us a more secure, confident, and protected society.

http://www.forbes.co...-passwords.html

Holy Big Brother! I just crapped myself.

[rsn 135]

I'll believe it when I see it, but I don't believe this will happen, even in the next 20 years. Biometric authentication was supposed to catch on years ago. Unfortunately, the devices and software that supported it were unreliable, at best. I have yet to see a decent fingerprint reader. An iris scanner? Yea, right.

[IR5FORMUMSIE 850]

I'll believe it when I see it, but I don't believe this will happen, even in the next 20 years. Biometric authentication was supposed to catch on years ago. Unfortunately, the devices and software that supported it were unreliable, at best. I have yet to see a decent fingerprint reader. An iris scanner? Yea, right.

Actually, they are already doing it. I guess software and technology haven't changed in 20 years, have they or are you still running Windows 3.11? Actually, comparing fingerprint readers to iris scanners is like comparing apples to oranges. Actually, your fingerprints degrade more than your irises. Actually, they don't just scan your right, they do both at the same time.

[rsn 135]

Actually, they are already doing it. I guess software and technology haven't changed in 20 years, have they or are you still running Windows 3.11? Actually, comparing fingerprint readers to iris scanners is like comparing apples to oranges. Actually, your fingerprints degrade more than your irises. Actually, they don't just scan your right, they do both at the same time.

Interesting. Perhaps you can comment on the software techniques used to implement fingerprint readers and iris scanners to back up your claim.

[IR5FORMUMSIE 850]

Interesting. Perhaps you can comment on the software techniques used to implement fingerprint readers and iris scanners to back up your claim.

Is there is no Wiki, is there no Google.

[rsn 135]

Is there is no Wiki, is there no Google.

I wasn't asking for a cut and paste. Your claim that comparing fingerprint scanning to iris scanning is like comparing apples to oranges sounds dubious to me. The fact that there is already a common API available to allow biometrics-based solutions to be implemented regardless of the technology used seems to suggest that all biometrics technology is closely related.

Biometrics readers, specifically fingerprinter readers, were standard on a number of laptop models a few years back. This is no longer the case. This to me suggest that the adoption rate of biometrics applications has likely decreased. Why is that? Well, for starters, the technology, as it has existed in consumer devices such as laptops (in the past, based on my experience) has not been usable. That is to say, usability was not, apparently, a factor that went into development of these devices. The hardware and software was slopped together, and, as a result, you had a piece of ###### solution that no one wanted to use. Financial institutions aren't exactly a bastion of cutting edge technology. Half of these companies can't even develop a sold website, much less implement a complex biometrics authentication solution.

My assertion is that simply saying something is a cool idea, doesn't make it a technology that will be adopted in the (near) future. It takes a lot more than a concept.

[^_^ 5,021]

My lenovo has a face scanner. It's a total POS. Doesn't work if I miss a shave.

[IR5FORMUMSIE 850]

I wasn't asking for a cut and paste. Your claim that comparing fingerprint scanning to iris scanning is like comparing apples to oranges sounds dubious to me. The fact that there is already a common API available to allow biometrics-based solutions to be implemented regardless of the technology used seems to suggest that all biometrics technology is closely related.

Biometrics readers, specifically fingerprinter readers, were standard on a number of laptop models a few years back. This is no longer the case. This to me suggest that the adoption rate of biometrics applications has likely decreased. Why is that? Well, for starters, the technology, as it has existed in consumer devices such as laptops (in the past, based on my experience) has not been usable. That is to say, usability was not, apparently, a factor that went into development of these devices. The hardware and software was slopped together, and, as a result, you had a piece of ###### solution that no one wanted to use. Financial institutions aren't exactly a bastion of cutting edge technology. Half of these companies can't even develop a sold website, much less implement a complex biometrics authentication solution.

My assertion is that simply saying something is a cool idea, doesn't make it a technology that will be adopted in the (near) future. It takes a lot more than a concept.

Consumer devices are not the same as military or other technology. It trickles down to everyday applications over time. Iris scanners are the wave of the future since they are less likely to suffer from the same problems that fingerprint readers have. As for processing the information, that's a completely different story. It might take longer to work out the bugs but it will arrive sooner or later.

[SMR 368]

I have to wonder how much good this will actually do (regardless of the technical feasibility). Images of people's eyes will have to be stored somewhere. And those images would be vulnerable to theft just like other personal information. Once I steal an image of your eye, with the right software I could then make online purchases with your identity just the same as if I had stolen your credit card. And cancelling an image of your eye would be more difficult than cancelling a compromised credit card number.

Biometrics may be useful for physical security if the technology gets good enough. But it won't do much for digital security. And the claim that retinal scanners could have stopped September 11th is absolutely ludicrous. The guys weren't in any database that could be compared to.

[IR5FORMUMSIE 850]

I have to wonder how much good this will actually do (regardless of the technical feasibility). Images of people's eyes will have to be stored somewhere. And those images would be vulnerable to theft just like other personal information. Once I steal an image of your eye, with the right software I could then make online purchases with your identity just the same as if I had stolen your credit card. And cancelling an image of your eye would be more difficult than cancelling a compromised credit card number.

Biometrics may be useful for physical security if the technology gets good enough. But it won't do much for digital security. And the claim that retinal scanners could have stopped September 11th is absolutely ludicrous. The guys weren't in any database that could be compared to.

Storage and retrieval of information is a problem, USCIS has so much information that it can't deal with it. Having information without being able to use it in a timely manner is and always has been an issue. The individuals involved in the September 11th attacks were all in the system with valid visas, but that means nothing since no one could have figured out what they were up to.

[46]

What's a user name?

[SMR 368]

Storage and retrieval of information is a problem, USCIS has so much information that it can't deal with it. Having information without being able to use it in a timely manner is and always has been an issue. The individuals involved in the September 11th attacks were all in the system with valid visas, but that means nothing since no one could have figured out what they were up to.

When I say they weren't in any database, I mean they weren't in a database where we would have known that they were a threat. That is, they didn't use false ID or documents. They just came in and said who they were. We didn't know they were terrorists and no amount of biometric scans would have changed that. (profiling might have, but that's another thread).

[Nagishkaw 510]

http://www.thedailystar.net/newDesign/latest_news.php?nid=29764

WB okays $195m for nat'l ID project

The World Bank (WB) on Wednesday approved a $195 million credit to Bangladesh for developing a reliable and accurate national identification (ID) system that will enable transparent delivery of benefits and services to the poor.

The credit will be used in the ‘Identification System for Enhanced Access to Services (IDEA)’ project.

Under this project, the Election Commission will build a system upon the existing voter list database. Modern technology will be used to produce robust national ID cards to protect the citizens from fraud and forgery, a WB press release said.

The release reiterates that identification numbers and cards will be issued to about 90 million Bangladeshi citizens of aged 18 years and above in next five years under the project.

“A comprehensive national identification system will transform the way in which public services, including social benefits, are delivered to recipients,” said Ellen Goldstein, World Bank Country Director for Bangladesh.

The project also serves as the foundation for the government’s ‘Digital Bangladesh by 2021’ programme, which envisions the mainstreaming of information technology as a pro-poor tool to reduce poverty, establish good governance and ensure social equity, the press release said.

---------------------------------------------------------------------------------------

http://www.stamfordadvocate.com/default/article/Connecticut-will-move-on-Real-ID-license-1370614.php#page-1

Connecticut will move on "Real ID" license program this fall

STAMFORD -- This fall state drivers will need to go through a new system for renewing and obtaining licenses that will require a variety of identification to obtain a new photo ID to flash as they enter airports, courthouses and other federal buildings.

The program, called CT Select ID, would start Oct. 3, and has been recognized as compliant with the security guidelines of the federal Real ID Act, Connecticut Department of Motor Vehicles spokesman William Seymour said.

The Real ID Act was enacted by Congress in 2005 in response to the Sept. 11 terrorist attacks on New York and Washington to require state motor vehicle officials nationwide to create a process to check the legal immigration or citizenship status during license application or forfeit federal recognition of the documents for official purposes such as travel.

DMV customer service staff and employees of American Automobile Association branch offices who conduct renewal processing will be trained throughout the month of May in how to process the licenses and winnow out phony documents, Seymour said.

"We've been looking at the federal government's vision for this program working towards compliance with it for several years as a result of the evolution of security standards since 9/11," Seymour said.

Eligibility and what combination of birth certificate, U.S. passport and documents showing legal presence in the country are needed to gain the license will vary from scenario to scenario based on whether applicants are U.S. citizens, married, and a variety of other factors, Seymour said.

For instance an unmarried male U.S. citizen applying for the license could present their birth certificate, a U.S. passport, social security card, and proof of residence to get the license.

A divorced female whose name is different on her driver's license than on her birth certificate would additionally need marriage licenses and divorce records to demonstrate their name change.

Foreign citizens studying or working in the U.S. would be required to show a variety of additional documents to corroborate their claims, such as an I-94 form which shows when you entered the country, and for students various proof of enrollment from an academic institution.

A full list and discussion of the requirements can be found on the DMV's website at ct.gov/selectCTid.

"It is difficult to discuss exactly what documentation they will need to bring because it will vary from person to person," Seymour said.

Drivers who wish to avoid the more extensive check of immigration status and background information can still renew their licenses using the old renewal process which only requires providing your current license, Seymour said.

Those applicants will receive a non-compliant license, that can subject them to more scrutiny at airports, courthouses, or other federal government buildings, Seymour said.

"There is nothing in the Real ID law that prevents us from continuing our current process which does not involve a check on people's legal status so all we're doing is continuing the current process," Seymour said. "We also felt some people may not need the new license to travel and we thought we should give them the option to opt out."

Foreigners with legal presence in the U.S. expected to last less than six years, including those with student and work visas, will be ineligible at the time of renewal to seek the Real ID compliant licenses and can only apply for the non-verified licenses.

Earlier this spring, the federal government granted an extension of the deadline to states to implement the new standards, which were created in direct response to recommendations of the 9/11 Commission to create more secure driver's license standards to help prevent similar attacks.

More than 20 states including Maine, Georgia, Washington, and New Hampshire have adopted legislation rejecting the requirements of the act out of a range of concerns for privacy and potential increased risk for identity theft.

[IR5FORMUMSIE 850]

http://www.thedailys...s.php?nid=29764

WB okays $195m for nat'l ID project

The World Bank (WB) on Wednesday approved a $195 million credit to Bangladesh for developing a reliable and accurate national identification (ID) system that will enable transparent delivery of benefits and services to the poor.

The credit will be used in the 'Identification System for Enhanced Access to Services (IDEA)' project.

Under this project, the Election Commission will build a system upon the existing voter list database. Modern technology will be used to produce robust national ID cards to protect the citizens from fraud and forgery, a WB press release said.

The release reiterates that identification numbers and cards will be issued to about 90 million Bangladeshi citizens of aged 18 years and above in next five years under the project.

"A comprehensive national identification system will transform the way in which public services, including social benefits, are delivered to recipients," said Ellen Goldstein, World Bank Country Director for Bangladesh.

The project also serves as the foundation for the government's 'Digital Bangladesh by 2021' programme, which envisions the mainstreaming of information technology as a pro-poor tool to reduce poverty, establish good governance and ensure social equity, the press release said.

---------------------------------------------------------------------------------------

http://www.stamforda...0614.php#page-1

Connecticut will move on "Real ID" license program this fall

STAMFORD -- This fall state drivers will need to go through a new system for renewing and obtaining licenses that will require a variety of identification to obtain a new photo ID to flash as they enter airports, courthouses and other federal buildings.

The program, called CT Select ID, would start Oct. 3, and has been recognized as compliant with the security guidelines of the federal Real ID Act, Connecticut Department of Motor Vehicles spokesman William Seymour said.

The Real ID Act was enacted by Congress in 2005 in response to the Sept. 11 terrorist attacks on New York and Washington to require state motor vehicle officials nationwide to create a process to check the legal immigration or citizenship status during license application or forfeit federal recognition of the documents for official purposes such as travel.

DMV customer service staff and employees of American Automobile Association branch offices who conduct renewal processing will be trained throughout the month of May in how to process the licenses and winnow out phony documents, Seymour said.

"We've been looking at the federal government's vision for this program working towards compliance with it for several years as a result of the evolution of security standards since 9/11," Seymour said.

Eligibility and what combination of birth certificate, U.S. passport and documents showing legal presence in the country are needed to gain the license will vary from scenario to scenario based on whether applicants are U.S. citizens, married, and a variety of other factors, Seymour said.

For instance an unmarried male U.S. citizen applying for the license could present their birth certificate, a U.S. passport, social security card, and proof of residence to get the license.

A divorced female whose name is different on her driver's license than on her birth certificate would additionally need marriage licenses and divorce records to demonstrate their name change.

Foreign citizens studying or working in the U.S. would be required to show a variety of additional documents to corroborate their claims, such as an I-94 form which shows when you entered the country, and for students various proof of enrollment from an academic institution.

A full list and discussion of the requirements can be found on the DMV's website at ct.gov/selectCTid.

"It is difficult to discuss exactly what documentation they will need to bring because it will vary from person to person," Seymour said.

Drivers who wish to avoid the more extensive check of immigration status and background information can still renew their licenses using the old renewal process which only requires providing your current license, Seymour said.

Those applicants will receive a non-compliant license, that can subject them to more scrutiny at airports, courthouses, or other federal government buildings, Seymour said.

"There is nothing in the Real ID law that prevents us from continuing our current process which does not involve a check on people's legal status so all we're doing is continuing the current process," Seymour said. "We also felt some people may not need the new license to travel and we thought we should give them the option to opt out."

Foreigners with legal presence in the U.S. expected to last less than six years, including those with student and work visas, will be ineligible at the time of renewal to seek the Real ID compliant licenses and can only apply for the non-verified licenses.

Earlier this spring, the federal government granted an extension of the deadline to states to implement the new standards, which were created in direct response to recommendations of the 9/11 Commission to create more secure driver's license standards to help prevent similar attacks.

More than 20 states including Maine, Georgia, Washington, and New Hampshire have adopted legislation rejecting the requirements of the act out of a range of concerns for privacy and potential increased risk for identity theft.

The slippery slope just got a lot more slippery.