September 14, 2006 at 7:58 pm Leave a comment

One of the things I’m looking at for work is the issue of authentication. Ok, don’t all yawn at once, because this little word affects all of us every day.

How are you represented online? How does any company you deal with online know who you are? What proof do you offer them, or what proof does a company demand in order for you to trade with them. And the question that I’ve most been thinking about, how are your children, or mine for that matter, representing themselves online.

Which brings us to Friendster, MySpace, and some of the other online ‘communities’ where children congregate. MySpace does no authentification whatsoever when someone creates an account on their servers. They ask for no proof of who you are, nor do they care who a prospective user is. They ask the small question about age, but kids are experts at lying.

While perusing my kid’s MySpace accounts last night, as I do nightly just to make sure everything is up to my approval, I saw that the Girl had accepted a Friend I didn’t recognize. On going to that person’s site, I noted that this was a kid in my daughter’s 8th grade class that was representing himself as a 19 year old boy from California. Because of how he represented himself, he had a lot of soft core porn on his site. I deleted him immediately as my daughter’s friend, and reported him to MySpace for fraud. His page is still up today.

My children and their friends are experts on Ebay. They know how to buy buy buy, but they’re not all that astute about how sellers work. They don’t always notice things adults would, yet they are liable for shopping, even when the seller is less than honest. Had ebay used an authentication methodology, they would know that someone under the age of 18 was entering into a binding contract without parental consent, which isn’t legal. But ebay doesn’t authenticate once a userID and password has been attached to an account.

Some of the ways to authenticate who is using an account are by using passwords, but we’ve all learned that controlling passwords is fairly pathetic to ensure secure transactions online. What about those ecommerce companies that promise secure transactions by placing that little SSL padlock on the bottom of a page? Is that any safer? Nope, it’s not. That padlock guarantees pretty much nothing except that you have been told to trust it. But it’s not trustworthy.

What about pin numbers? Same as passwords, they’re too easy to break and again don’t promise security. Biometrics is exciting and new, but there are way too many things that don’t work about it. Fingerprints aren’t like on CSI, where you run them through a computer and get a perfect match in 5 seconds. It’s much more complicated than that, and hardly foolproof. Iris scannings? Are you planning to stick your eyeball into an ATM machine? Not me. DNA… yeah, right. Maybe in 200 years but certainly not now.

So what does that leave? One thing is to change the way we authenticate who we are in this country. Some think that a national identity card is the way to go, with an embedded PK1 chip that would contain all the information as to who you are. It would not be linked to a driving license…or maybe it would be a national driving license. It would not be linked to a passport. But still, how do you prove who you are in the first place?

One idea that has been kicking around is to have a digital birth certificate of sorts. This would be similar to an identity card, but could be international in nature, and governed by an agency outside the control of any government or nationality. I like this idea. a lot. As you may have grasped, I don’t trust business to authenticate, but I also don’t trust. governments, especially our government here in the USA to be responsible for identity authentification. Can you imagine the disaster that would be, since HomeLand Security can’t even pass their own security tests. Nope, they’re not to be trusted at all.

I don’t mind having some kind of international identity card that authenticates who I am, but I do want it to be based on some legal premise. Right now in the US, we don’t have any legal way of proving who we are. Birth Certs are easy to obtain, social security numbers are as well. And yet those are the two methods we use to say who we are. That’s kind of sad.

I’m going to continue this in a series of posts. But I’d like to know what you think about this topic. So please comment.


Entry filed under: Authentication.

Parenting teens in the days of MySpace

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed

September 2006
    Oct »

Recent Posts

%d bloggers like this: