Here are some ideas that someone more ambitious than me may be able to get rich with.
In order for this to really happen, it's going to have to be universally known, accepted, standardized, trusted, and affordable. That's impossible, at least in a single device. On top of that, no one will ever agree on what's best. Real ID? Voice? Retina, etc...
Not all services people need to authenticate with require DOD-level concern either, nor should they.
So, here's the idea:
Standardize one side of a device, say with USB, and vary the other side. Let them get built into keyboards, cell phones, etc., where they can be. Multi-factor authentication is frequently additive, if not multiplicative, in enhancing security. Different factors could have a "score" built into the standard, which would indicate the resistance to compromise. Services wouldn't have to have any allegiance to a particular factor or factors; they could set a minimum total score needed. Once authenticated, the client could optionally increase the minimum if they choose.
How to have a standard, though, in a world where premier security firms still get compromised themselves? Private interests, I'm afraid, tend to corrupt truth in scoring due to their inevitable bias. Scoring must be done (and continually re-evaluated) independently; if not with government funding behind it, with great scrutiny at least.
Given the cost of compromises on both ends, perhaps tax incentives should be granted for services meeting greater security metrics. It might be the only way to lure the Facebooks and Googles to lead the practice and implementation of the standard. Once a few big players are lured, so too are the bulk of customers they carry with them.
More innovative factors are also needed. Card swipes, retinal scans, finger/voice prints: all good. But they need to be built right into our interfaces eventually... keyboards, mice, monitors, etc. I'd love it if I received 12 tiny RFID tags per year, each only functional for a given month, which I could then transparently paint onto my fingernail. It's got the benefits of an injectable without the creepiness. I get to work, stick my finger in the hole in my keyboard and say hello, and I can log in. I use my finger, voice, and real ID card, and I can buy a stereo online or access my banking records. My officemate nearby accomplishes the same tasks with all different factors that sum the same. You get the idea.
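To make the scoring idea and the monthly-tag idea above concrete, here is a sketch of how a service could evaluate presented factors against a minimum total score. It is an added example, not part of the original post: the factor names, the score values, the additive model, and the `Presented` record are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional, Tuple

# Constructed scores for illustration; the post leaves scoring to an independent body.
FACTOR_SCORES = {
    "password": 2, "voice": 2, "fingerprint": 3,
    "retina": 3, "real_id_card": 3, "rfid_nail_tag": 3,
}

@dataclass(frozen=True)
class Presented:
    factor: str                                    # key into FACTOR_SCORES
    verified: bool                                 # did the device-side check succeed?
    valid_month: Optional[Tuple[int, int]] = None  # (year, month) for time-limited tags

def total_score(presented, today):
    """Sum the scores of distinct, verified, currently valid factors (additive model)."""
    seen, total = set(), 0
    for p in presented:
        if not p.verified or p.factor not in FACTOR_SCORES or p.factor in seen:
            continue  # failed, unknown, or repeated factors earn nothing
        if p.valid_month is not None and p.valid_month != (today.year, today.month):
            continue  # a monthly tag outside its month is worthless
        seen.add(p.factor)
        total += FACTOR_SCORES[p.factor]
    return total

def effective_minimum(service_min, client_min=None):
    """The client may raise the service's minimum but never lower it."""
    return service_min if client_min is None else max(service_min, client_min)

def authenticate(presented, today, service_min, client_min=None):
    return total_score(presented, today) >= effective_minimum(service_min, client_min)

if __name__ == "__main__":
    may = date(2024, 5, 15)  # constructed dates and factor sets
    me = [Presented("fingerprint", True), Presented("voice", True),
          Presented("real_id_card", True)]
    officemate = [Presented("password", True), Presented("retina", True),
                  Presented("rfid_nail_tag", True, (2024, 5))]
    print(total_score(me, may), total_score(officemate, may))
    print(authenticate(officemate, date(2024, 6, 1), service_min=8))
```

Counting each factor only once keeps a replayed or duplicated credential from inflating the total, and taking the maximum of the two minimums means a client setting can only tighten the service's policy.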
Customers like me, at least, wouldn't even need the increased security incentive if it was more convenient at the same time. Marry the two, though, and you've got a sure winner.