Interoperable authentication credentials
It’s hardly surprising that 61% of the 102 IRS employees tested improperly disclosed their usernames and passwords. I suspect they are people after all and therefore prone to social engineering. Sadly, it seems they didn’t even get a chocolate in exchange.
Passwords of course continue to have a role to play in online authentication. But, they need to be limited to transactions where the identity-related risk is truly low.
It would be so much easier if two-factor authentication was ubiquitous. One way to get there quicker is to have interoperable authentication credentials.
It was therefore good to see news coming out of Australia that ANZ Bank has struck a deal with a government department to pilot a way for bank-issued smartcards to also be used as authentication credentials with the government.
This is part of the VANguard program which “will provide validation, authentication and notary services to facilitate online business with government agencies.”
A downside of using smartcards online and yet making use of the digital certificate is the need for a smartcard reader of some sort. That doesn’t however seem to be a problem for ANZ’s business customers as they are already using them for a range of Internet-based banking services.
This is great- one interoperable authentication credential for banks and government, one step closer to ubiquitous two-factor authentication.