Every week seems to bring news of yet another website hacked, user accounts compromised, or personal data stolen or misused. Just recently, many Facebook users were required to change their passwords because of hacks at Adobe, a completely different company. Why? Because hackers know that users frequently re-use the same password at multiple websites. This is just one of many reasons that the system of passwords as it exists today is hopelessly broken. And while today it might be a social media website, tomorrow it could be your bank, health services providers, or even public utilities. Two complementary national initiatives aim to do better before the impacts of this problem grow even worse.
Developed in 2011, the National Strategy for Trusted Identities in Cyberspace (NSTIC) is a key Administration initiative to work collaboratively with the private sector, advocacy groups, public sector agencies, and other organizations to improve the privacy, security, and convenience of sensitive online transactions. NSTIC calls for the creation of an Identity Ecosystem – an online environment in which individuals can trust each other because they follow agreed-upon standards to authenticate their digital identities. What this means for individual users is that they will be able to choose from a variety of more secure, privacy-enhancing identity solutions that they can use in lieu of passwords for safer, more convenient experiences everywhere they go online.
The NSTIC also helps multiple sectors in the online marketplace, because trusted identities provide a variety of benefits: enhanced security, improved privacy, new types of transactions, reduced costs, and better customer service. The National Institute of Standards and Technology (NIST) is leading implementation of the NSTIC.