Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

Most people identify themselves online by juggling a long list of user names and passwords. Most industry experts agree that this approach is hopelessly broken.

A few technologies have been invented to address the problem of online account overload, for example, the open standard OpenID, which lets people use a single credential to log in to multiple sites. Companies are also vying to fill the gap–Facebook, for instance, offers technology that lets people log into other Web sites using their Facebook credentials.

Now the U.S. government is hoping to step in and improve the state of online identity management. In a draft recently posted online, the Department of Homeland Security outlined a possible National Strategy for Trusted Identities in Cyberspace–a document that suggests how the government could facilitate a system for managing identities. The system could be used not only by government sites such as the Internal Revenue Service, but by other websites, including commercial ones.

The draft document does not suggest creating a national ID card or government-mandated Internet identity system. Instead it proposes a way to combine existing online identity technologies to create a simpler, more privacy-conscious identity system, without the government taking control of the whole thing.

The document asserts that an integrated online identity system should be secure, compatible with other online identity systems, privacy-enhancing, and voluntary, as well as cost-effective and easy to use. The draft suggests starting with accounts that users might already have, like those from Google or Facebook. Providers would be certified as reliable and secure. Then users could choose a company or organization to sign up with, and their credentials would be in a standard format that would be widely accepted.

The draft document gives several examples of how a new system might look. For example, it suggests that a user might have an identification technology connected to her cell phone. That system could be used to log onto a government site and access tax services, for example. This would prevent the user from having to create a new password for that site, and it would save the government from having to maintain any of the authentication infrastructure.

Or, the draft suggests, a user might use credentials stored on his computer to log into an online pharmacy. In this case, the information would confirm that he was over 18 and that his prescription was legitimate, but it wouldn’t hand over any additional information.

6 comments. Share your thoughts »

Credit: Technology Review

Tagged: Web, passwords, OAuth, online identity

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me