W3C home > Mailing lists > Public > public-identity@w3.org > June 2012

NSTIC and Passwords

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Sun, 10 Jun 2012 08:03:07 +0200
Message-ID: <4FD4389B.8020105@telia.com>
To: "public-identity@w3.org" <public-identity@w3.org>
*<http://www.linkedin.com/groups?viewMemberFeed=&gid=3747110&memberID=3791951&goback=%2Egmp_3747110> *

http://news.cnet.com/8301-1009_3-57450025-83/linkedin-posts-update-on-password-leaks
<http://www.linkedin.com/redirect?url=http%3A%2F%2Fnews%2Ecnet%2Ecom%2F8301-1009_3-57450025-83%2Flinkedin-posts-update-on-password-leaks&urlhash=yLJc&_t=tracking_disc>

It is (to me at least) pretty obvious that NSTIC [1] won't get far unless the technology for authenticating on the Internet takes another major step forward!

Related: Internet payments using credit-cards still rely on "User IDs" (Card Numbers) and "Passwords" (CCVs) printed in clear on the cards.

Since giant players like FB and LinkedIn as well as the international banking community apparently can't fix this, one wonders how a somewhat obscure government program like NSTIC intends dealing with
this gaping hole in the arsenal.

Anders

1] http://www.nist.gov/nstic
Received on Sunday, 10 June 2012 06:03:55 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 10 June 2012 06:03:55 GMT