US commission whistles to FIDO: Help end ID-based hacks by 2021

A White House commission on improving cybersecurity has come up with a list of recommendations for US president-elect Donald Trump’s administration – including a target for no big hacks to involve identity-based compromises. The US Commission on Enhancing National Cybersecurity has identified 16 key recommendations on security …

  1. This post has been deleted by its author

  2. Pen-y-gors Silver badge

    Fundamental lack of understanding (as usual)

    Or maybe it's deliberate.

    The whole report seems to focus on proving identity, not on the simpler question of whether the person (or robot) at the other end of the line has permission to use an account.

    There is a world of difference between proving to every website I visit that I am the real Zaphod beeblebroz, NI number XA 123456C, DOB 01/02/1876 - an identity that will then be saved and can be used for tracking - and the simpler password-based option which shows that the person who knows the password for a/c @Pen-y-Gors is allowed to use that account. I could give the credentials to a dozen friends. Why not?

    Identity is something totally different, and far more dangerous. And of course it will be hackable by criminals, no matter what our governments dream about in their security fantasies.

    I don't have to prove my identity when I buy a packet of crisps or a book in a local shop. Why should I have to online?

    I'm not too fussed if someone hacks my account at aintkittenscute.com or elreg (but it would be a shame to lose that silver badge), but it's rather more important that no-one knows who is really visiting aintkittenscute.xxx. Ditto my bank.

  3. Mike 16 Silver badge

    One Size Fits All

    First off:

    --- I don't have to prove my identity when I buy a packet of crisps or a book in a local shop. ---

    "Yet". That is clearly the goal, so your medical insurance premiums can rise if you are not following the latest (obsolete, industry-written) diet guidelines, and the various TLAs can keep an eye on everybody who might read dangerous material like "De Re Metallica" (not about music, btw).

    The thing that bugs me is that in addition to things that are sufficiently trivial that a password is sufficient, they want to replace them for things for which a password (as one factor) is necessary. Thumbprint to take my DVR out of "sleep"? uh, OK, maybe. Thumbprint lifted off the mug I last used at a pub, to transfer all my worldly possessions to Somalia? No thank you very much.

    1. Arthur the cat Silver badge

      Re: One Size Fits All

      the various TLAs can keep an eye on everybody who might read dangerous material like "De Re Metallica"

      WTF? I've got it in my library, I don't remember anything particularly of interest to TLAs in it.

      The funniest bit was the section on dowsing. Agricola obviously didn't believe in it, being a sensible chap, but his patron obviously did and insisted on the section being written, which led to obfuscated wording worthy of Sir Humphrey over 400 years before Yes Minister.

  4. streaky

    FIDO

    .. won't even push their own U2F standard so what hope is there? Think only one of the huge list of members actually deploys it (Google).

  5. Anonymous Coward
    Black Helicopters

    One thing government can actually do

    Stop using SSNs (and other serial numbers) to identify citizens. That's not the sole root cause of ID theft but it's certainly a big one.

    Better yet, get out of the business of tracking citizens' identities altogether. Aye, a "modest proposal"...

    1. Anonymous Coward

      Re: One thing government can actually do

      @troland re:"...get out of the business of tracking citizens' identities altogether."

      ROFL. You're new around here, aren't you?

  6. Anonymous Coward
    Facepalm

    A White House commission on improving cybersecurity

    "A White House commission on improving cybersecurity"

    There's your problem. What the f**k would the White House know about 'cybersecurity'?
