Take a moment and think of how many different usernames and passwords you use on a regular basis. Without giving it much thought, you can easily think of at least 10. For many people, they can easily think of three times that number.
Now think about how you manage those passwords - pieces of paper, a list on a computer, even a little book that you can carry around with you…and lose. Let's face it, traditional usernames and passwords are a weak way to keep online identities secure. The methods used to remember the multitude of username-password combination used to access websites - many of which contain some of your most personal financial and health care information - make them even less secure.
Imagine a day where a single set of online credentials can be used to access any website while still keeping an individual's personal information private and secure. That day may be closer than you think.
Verizon is currently working with a team of leading online-identity and technology providers to test new solutions that will ultimately create a seamless, more secure online identity system to protect Internet users from identity theft and cybercrime.
Using a grant from the National Strategy for Trusted Identities in Cyberspace, a public- and private-sector initiative launched by the White House in 2011, Verizon is part of a team led by Criterion Systems that is launching eight pilot projects over the next two years with leading enterprises in the retail, financial services and health care sectors, as well as government agencies. The pilots will help determine the feasibility of providing cost-effective and easy-to-use trust elevation, or validation efforts, for online credentials.
"The objective of the Criterion Systems pilot is to prove that trust elevation of lower-level assurance credentials is not only possible but achievable on a large scale," said David Coxe, co-founder of Criterion Systems and chief executive officer of ID Dataweb.
According to the Verizon 2012 Data Breach Investigations Report (DBIR), the exploitation of default or guessable credentials, and the use of stolen login credentials were involved in 76 percent of data breaches investigated and accounted for 83 percent of compromised records; 82 percent of compromised records were attributed to the use of stolen login credentials alone. The 2012 DBIR analyzed data from 855 data breaches in 2011, accounting for 174 million compromised records. (Note any data breach can involve multiple types of attack vectors.)
"It is clear that the traditional method of using non-validated usernames and passwords for secure online access is no match for determined cybercriminals," said Peter Tippett, chief medical officer and vice president of the Verizon Innovation Incubator. "Providing one set of credentials to logon to any website and conduct any type of online transaction will be a game-changer for Internet users."
Someday in the not-too-distant future, we may very well have an Internet-identity ecosystem that improves the privacy, security and convenience of sensitive online transaction.
If you would like to learn more about Verizon and its identity services, check out our recent white paper on Verizon Universal Identity Services.
