Quantcast

Strange love for passwords

Strange love for passwords

Now, I’m not going to speculate too far into the future, to a time when Visa displaces the DMV or passport agency as issuer of authoritative international credentials for every kind of identification and authentication. However, there are no other entities that have Visa and MasterCard’s topical ubiquity and influence.  They’ve picked their technology, and if it isn’t in your hands now, it will be soon. It might not fit corporate authentication or private transaction use cases perfectly, but as noted in RFC 1925, “given enough thrust, pigs fly just fine.”

Actually, in an end game, I could see credit card companies taking over as the issuer or vetter of id tokens. Of course, I’ve always thought it made more sense for a government issued id to combine the token and attribute portions of a passport, driver’s license, all those annoying shopping loyalty programs, AAA card, and any credit accounts you may have. Sort of a universal card. If the tokens were appropriately encrypted and obscured, with some kind of user-controlled release I think we could shift the convenience/privacy tradeoff far enough that people would go for it.

Although — if you really wanted to be ambitious with your identity system, once you had a smartcard based system — maybe an access control vendor, or discount program could get the mass deployment necessary, you could cut the credit card companies out of the middle. At least for debit-card like transactions it seems you could process for 1% or so and still make a tidy profit. Even credit lines have to be highly attractive given the number of parties who want to get in the game.