Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
    Digg this story   Add to  
Firms: Don't expect federated IDs soon
Published: 2006-02-16

SAN JOSE, Calif. -- Banks and analysts have seen the adoption of two-factor authentication driven by federal requirements and early adopters, but warn users that their pockets might be filled with dongles and smart cards because a universal access token is years away.

The comments were made at a panel discussion on consumer identity in the financial industry. An E*TRADE Bank executive said that the company had more than $700 million in accounts protected by two-factor authentication and that customers that use a second factor have tripled the money in the accounts compared with a control group that only uses passwords.

However, the number of tokens and smart cards that people use to get online may skyrocket because companies do not yet see the benefits of working together. Some security and e-commerce companies have touted a future where consumers can sign in once and use that federated authentication throughout the commercial Web.

"I don't that happening this year, I don't see it happening next year or the year after that--that leaves 2009, and I'll leave that one open," said Jonathan Penn, principal analyst for security and identity with Forrester Research. "There are a lot of issues, but basically it boils down to trust and antitrust."

In the past, Microsoft has tried to turn its Passport online identity system into the backend authentication system for e-commerce providers, but privacy experts worried that the move would give a single company too much power in managing consumer information. While several other companies--such as AOL and American Express--have created the Liberty Alliance for creating technical standards around federated identity, the technology has not been rolled out to consumers.

Posted by: Robert Lemos
    Digg this story   Add to  
Comments Mode:
Firms: Don't expect federated IDs soon 2006-02-20
Tommy Ward (1 replies)


Privacy Statement
Copyright 2009, SecurityFocus