I have a lot of online accounts. I have two Twitter accounts (one for myself, which I use professionally – @adammontville – and one for my non-employer online presence – @stoicsecurity). I’m on LinkedIn and I have a Facebook page, which I admittedly don’t use very much any more. I have a Google+ account. I use (don’t hate me) GoDaddy for my personal domains. I have financial accounts online. I have eBay and PayPal accounts. If I include all of the community sites I’ve had to sign on to for content access, I’m guessing I have at least 50 unique accounts and more than that were once memories. For each of these I have login credentials. For many of these I have profile information. Can you guess what I want?
Single sign on. Across all of my accounts. More than that, however, I want a unique identifier for myself online, and there is an effort underway to provide this very thing (=adam.w.montville is my ID). For the most part, I’m a private sort of guy in the real world. I mind my business and expect that you’ll tend to yours instead of mine in return. But, I’m not against online attribution, and there is a lot of benefit that comes along with it. If I had a single identification online and could associate specific attributes with that identification, then I would have one communication mechanism, and one way to go from place to place in the virtual world. This ID would have multiple personas, so that I would be able to rank the value of the places needing my credentials. Some might only need a simple password while others would require two-factor authentication, or even transactional authentication based on organizational IDs.
Politically, we’re pretty stable here in the United States when compared to the rest of the world, so I’m not so sure that anonymity is as important here as it is for those enduring the Islamic Spring as some have called it. Still, I’m not a fool either and I know that aggregated information is the wave of the future and with that comes some more serious privacy issues even in the “advanced” countries like the United States.
As a consequence, not only do I want a single way to identify me online, but I want a failsafe way to turn that attribution off and become completely anonymous in the context of where I look and what I do online – don’t track me, and don’t put my information together from disparate sources to make inferences about me.
This is a tall order, and I don’t think it’s possible with today’s technology. I think that efforts like the single ID, coupled with semantic technologies and with entire supply chains being upended, might get us part of the way there.
By now you might be asking what this all has to do with Tripwire. I’ll tell you. Other than the fact that when I come to Tripwire each day I influence the direction of products used to protect your data, and mine, this post has little to do with Tripwire. Creating products capable of protecting your personal information is great, but sometimes it’s frustrating to see that the easiest way in is often that over which we have little control – usable authentication mechanisms.
As a last note, I hope you’re heading to RSA this year. If you feel like chatting about security, compliance, or the future of the Internet, come see us at Tripwire or hit me up on Twitter or Google+.