« Paying attention by not paying attention | Main | Thinking about thinking about the future »


A thought-provoking post with, as you say, no obviously right answer.
My main gripe with the current situation is that each organisation has its own way of doing things, I suppose based on the software they employ and the sensitivity of the transaction involved. And one is advised to choose different passwords so that if the Amazon one is comprised, it won't be put straight into eBay as well. So I have dozens of passwords that I have to write down somewhere or forget them.

Will any combination of secrets, PINs and external hardware really get round this?

And is the other extreme, such as a single, integrated, online ID verification system (presumably along the lines of Mastercard SecureCode or Verified by Visa, or minimal disclosure tokens), where the organisation I am transacting with links through to a central point to authenticate my identity, any better (assuming that if this becomes comprised then the fraudster can use it to access any organisation)?

PS (either my html attempt failed, or the html is blocked) - to give Jerry Fishenden due credit, 'minimal disclosure tokens' was supposed to link here: http://www.computerweekly.com/Articles/2008/06/30/231283/identity-assurance-for-the-uk.htm

The comments to this entry are closed.

September 2009

Mon Tue Wed Thu Fri Sat Sun
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30        
Blog powered by Typepad