It’s time for a new ID

I signed up for Lifelock today. Spending another $40 a month to cover my wife and me is not something I relish doing. But I feel it would be irresponsible not to have proactive credit activity monitoring in the wake of the Equifax data breach that affected 143 million people.

Other data breaches have affected a greater number of people. But this one gave away the whole farm: social security numbers, driver license numbers, birth dates, and addresses. The company’s official announcement gives an air of “nothing much to see here.” In reality, it’s about as bad as you can get.

Am I a little paranoid opting for Lifelock’s premium coverage? I was trying to tell myself that, yes, I was being paranoid and that this would be a waste of money. Then I worried, though, that if I were one of the unlucky Equifax “customers” who had all that information taken, there would be nothing to stop someone from opening an account in my name or accessing my accounts to bleed them dry. My caution got the best of me, I gulped and signed up, cushioning the blow by deciding to make monthly payments rather than pay for an entire year in exchange for a few percentage points.

I also experienced a pang of indignation as I wondered, “Why are we using lifelong social security numbers that can’t be changed to protect valuable assets?”

Indeed, why?

We need to move to a national key fob or smart card system. Key fobs and smart cards display a numeric code that changes at preset intervals. Companies have used these for years. They distribute them to employees or customers, who use them to log into the company’s systems by punching in the currently displayed code, perhaps along with a password.

What I’m suggesting is an expansion of that system to the federal level. Every citizen would have a key fob or smart card issued by the federal government whose code would change daily. They would also have a username and password stored on the federal government’s central authentication system. To engage in a financial or medical transaction, the person would have to enter both his or her username and password and the code currently shown on the key fob or smart card. This two-factor and continuously-changing authentication would be far safer than grouping static private and sensitive information in a place where hackers might access it.

The technology exists, and it can be scaled to accommodate hundreds of millions of users if we commit enough hardware to the problem. It is time to move to a nationwide dynamic identification system.

 

About Ray Klump

Professor and chair of Mathematics and Computer Science Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *