Online Identity Theft Prompts Security Guidelines From White House

April 21, 2011 -- As a way to combat online identity theft in the age of digital shoplifting, the White House has developed a plan dubbed the National Strategy for Trusted Identities in Cyberspace, or NSTIC. "Today, we take another major step; this one to ensure that the Internet's security features keep up with the many different types of online transactions people now engage in," Commerce Secretary Gary Locke said at the unveiling last week.

For the typical consumer, the plan means a partial consolidation of Internet logins, a kind of "Facebook Connect" for online shopping, with the government's stamp of approval. Another part of the plan lays the groundwork for hand-held authentication devices.

People in the near future could verify their online identity through a cell phone or keychain. "Today, we have lots and lots of usernames and passwords and, generally speaking, people have pretty bad habits," Aaron Brauer-Rieke, a fellow at the Center for Democracy and Technology, said. "They don't use good passwords. They use repeat passwords for the same username across the Internet."

Of course, too few passwords can also present a problem. "On the flip side of the scale, if you have one username and password, that's also a bad security situation," Brauer-Rieke said.

So policy makers will aim for a balanced approach, emphasizing the need for multiple login providers as a way to combat identity theft. Improved security could encourage consumers and financial services companies to adopt mobile payments through smartphones.

Proponents of the system emphasize that the program would be voluntary. Industry and government want to avoid the appearance of a mandatory national online identity program.

"This is not a government-mandated, national I.D. program," said Leslie Harris, president of the Center for Democracy and Technology, a group that specializes in digital privacy issues. "In fact, it's not an identity 'program' at all."