Let’s face it. Despite LastPass (which has been hacked in the past) and all the other password managers, there’s just got to be a better way.
About 70% of folks would rather have a single, go to multi-purpose identity verifyer instead of having the hassle of dealing with multiple passwords. The study below is worth a glance (41 pages). It was multinational, and covered a wide range of ages (18-65+).
The big difference was in the U.S. the surveyed preferred using a mobile device (like a fob of some sort), the U'.K. a smart card and Germans preferred biometric devices. I’ve written about EyeVerify here. Most users feel the methods used by online banks is trustworthy. The good news is that most folks are willing to try something new, provided they are assured the method is secure. Back in 2010-2011, the administration there were plans to convene industry workshops to work on this. The initial policy statement is here. Not everyone agreed with this. For example, Mark Gibbs. COICA (The Combating Online Infringement and Counterfeits Act) never got voted on. One good summary of why it wasn’t good legislation can be found here.
Since then, NSTIC has progressed and the first of five trial runs has been run. This is a major milestone.
“In addition to piloting the use of strong authentication credentials, Daon's pilot also focuses on the movement of relying party partners to external identity providers and trust frameworks as well as cross-sector credential interoperability. Following AAAE, other partners scheduled to go live include AARP, PayPal, Purdue University and a major bank…"TrustX (and the IdentityX technology it uses) enable organizations to conduct transactions of consequence online with confidence in the identity of the person they are interacting with," said Tom Grissen, CEO of Daon. "It is a proven technology that allows individuals to easily and securely assert their identity using any device, anytime and anywhere. We are happy to facilitate AAAE's transition to strong and convenient online authentication." ” - http://www.marketwatch.com/story/first-nstic-pilot-goes-live-with-secure-online-identity-verification-via-smartphone-2013-03-08
So, a better and supposedly more secure way of doing business is coming along.
Just keeping you up to date on this very important topic.