WebProNews

Tag: identity

  • Okta Buying Competitor Auth0 For $6.5 Billion

    Okta Buying Competitor Auth0 For $6.5 Billion

    Okta has announced it is buying Auth0, in a deal worth an estimated $6.5 billion.

    Okta is an identity and access management firm, specializing in helping companies and developers build identity security into their products. Founded in 2009, the company has become a leader in the industry, and boasts some of the biggest companies in the world as its customers.

    Auth0 is one of Okta’s biggest competitors, and also specializes in secure access solutions. Like Okta, Auth0 has some of the biggest names in business as its clients.

    The merger will help accelerate Okta’s growth in the $55 billion identity market. Auth0 will operate as an independent unit within Okta and both platforms will be supported, although the goal is to integrate them over time.

    “Combining Auth0’s developer-centric identity solution with the Okta Identity Cloud will drive tremendous value for both current and future customers,” said Todd McKinnon, Chief Executive Officer and co-founder, Okta. “In an increasingly digital world, identity is the unifying means by which we use technology — both at work and in our personal lives. With so much at stake for businesses today, it’s critical that we deliver trusted customer-facing identity solutions. Okta’s and Auth0’s shared vision for the identity market, rooted in customer success, will accelerate our innovation, opening up new ways for our customers to leverage identity to meet their business needs. We are thrilled to join forces with the Auth0 team, as they are ideal allies in building identity for the internet and establishing identity as a primary cloud.”

    The deal is subject to regulatory approval and expected to close the quarter ending July 31, 2021.

  • Identity Is the Central Platform For Companies To Embrace Cloud

    Identity Is the Central Platform For Companies To Embrace Cloud

    “One of the things powering our growth too is that more and more technology leaders and people in the security industry and customers and users are understanding the importance of identity,” says Okta CEO Todd McKinnon. “They’re going from a world where they were thinking about cloud computing, firewalls, and VPNs, and now they’re thinking about identity as being the central platform to really embrace the cloud, create a great digital experience for customers, and also keep it all secure.”

    Todd McKinnon, CEO of Okta, discusses how identity has become the central platform for companies to embrace the cloud in an interview with Jim Cramer on CNBC:

    We Have 6,550 Happy Customers Across the Entire Globe

    We have 6,550 happy customers across the entire globe. We come to work every day making sure that we make them secure, make them successful, and help them adopt cloud and transform their businesses. One example is Major League Baseball. We do a couple of very important things for MLB. The first is that we help their employees log into the applications they need in order to be productive at work. They can log in securely and with a very positive simple user experience.

    The second thing, which is more recent, is we are the login system and the security layer for MLB.com. If you’re logging in and streaming those baseball games you’re logging in through Okta to get to MLB.com. It’s really helpful for them because that they can take their awesome developer and engineering talent and focus it on building core parts of that application and that experience versus the security parts that we can do better.

    To Deliver Trusted Technology You Have To Start With Identity

    Zoom (a customer of Okta) is a great company with another great product experience. They’ve revolutionized a market a lot of people thought was really entrenched with a lot of competitors. They came out with a better product and its results are kind of speaking for themselves. What we’re seeing in our business and it’s really driving these results you’re seeing is that every organization from sports league like MLB.com to a university like Seton Hall to the largest enterprises in the world, financial institutions and governments, they all have to connect more closely and more securely with the people in their ecosystem.

    Whether that’s students or alumni or faculty or employees or customers, what’s at the center of all that interaction is technology. If you want to talk about trusted technology and delivering that to people you have to start with identity. That’s what we’re doing for all these organizations around the world and that’s what’s powering our results.

    Identity Is the Central Platform For Companies To Embrace the Cloud

    It’s a really important role we’re playing. If you think about it, especially in the case of Zscaler, companies are moving away from the old world, which was they had a firewall around their network and everything inside was secure and everything outside was blocked. Now they’re moving to this world called Zero Trust which means they basically don’t trust anything. They want to verify everything. When you have to verify everything you have to have this passport, you have to have this digital identity, and that’s we’re providing. For a lot of companies, we’re turning a world that’s pretty daunting in terms of how you give this flexibility or this openness and making it secure and very simple to use.

    One of the things powering our growth too is that more and more technology leaders and people in the security industry and customers and users are understanding the importance of identity. They’re going from a world where they were thinking about cloud computing, firewalls, and VPNs, and now they’re thinking about identity as being the central platform to really embrace the cloud, create a great digital experience for customers, and also keep it all secure. It’s that mindset and that consciousness in the market of the importance of identity as a platform that is really leading people to come to Okta and driving our results.

    Our businesses are global of course. We don’t have as much exposure to China as other companies have but in an indirect way, we’re helping companies of every organization across the entire world be successful with their businesses as well. We do think about powering business globally. So it’s in everyone’s interest I think to have as much free trade and as much economic commerce as possible. Indirectly, we do benefit from that, so we have a close eye on that as well.

    Identity Is the Central Platform For Companies To Embrace Cloud, says Okta CEO Todd McKinnon
  • Kim Kardashian ID Thief Sentenced

    Kim Kardashian ID Thief Sentenced

    Kim Kardashian is the latest celebrity to fall into the hands of an identity thief. No, she did not take part in the many identity frauds and scams that have been making their rounds, however Luis Flores, Jr, 19, was still able to weasel his way in to Kardashian’s bank account.

    Flores was somehow able to gain access to Kardashian’s personal information which included her credit card numbers, bank accounts, and social security number. Flores then changed some of her accounts to his accounts, taking thousands of dollars from the Keeping up with the Kardashians star.

    Not only was Flores able to hack into Kardashian’s accounts, he also managed to get into her mother Kris Jenner’s account, as well. Although the amount taken from Kardashian’s accounts is unknown, we do know that Flores took a whopping $71,000 from Jenner.

    It was not until May 2013, when Flores attempted to order replacement cards for the accounts he had stolen and have them sent to his own personal address in Florida, that he was caught by the United States Secret Service agents.

    Luckily, Flores was caught in the act, and has been sentenced to three and a half years in federal prison. Flores also targeted Ashton Kutcher, Tom Cruise, Joe Biden, Michelle Obama, and Bill Gates, among others.

    To protect your identity, be informed about the current scams that are making their way through the public. The FBI has a list set up on their website under common frauds to keep people updated.

    What do you think about Flores’ punishment? Do you think he should have to serve a longer sentence? Leave your comments below.

    Image via Wikimedia Commons

  • Underage Girls Targeted For Sex In Intricate Facebook Fake Identity Scam

    Since the advent of the internet, people have always cited the relative “anonymity” that it provides as both a strength and a danger. Are people really who they say they are? Anyone who’s a member of any online community knows how easy it is to falsify information about yourself. Remember the running joke back when chat rooms were still popular? That hot 18-year-old girl you’re talking to probably looks like Danny DeVito, right?

    One man in Pennsylvania is being charged with 68 felony counts after he went to painstaking lengths to manipulate underage girls through a series of fake Facebook accounts.

    According to Attorney General Linda Kelly, the investigation into the activities of William R. Ainsworth began back in September of 2011, after he was arrested for attempting to engage in sexual acts with a 14-year-old girl. After he was arrested, they found that this one lascivious meeting was just the tip of the iceberg. After combing through thousands of online communications, performing 18 searches, and interviewing over 30 children, the state has put together one hell of a story about Mr. Ainsworth.

    “We quickly discovered that there was much more to this case than the sexual solicitation of one girl,” Kelly said. “What we found was an intricate web of false Facebook identities that were used to establish online relationships with vulnerable girls, who were then manipulated into sending nude photos to Ainsworth – believing he was a young surfer living in Florida – or physically meeting Ainsworth for sex – under the impression that those sexual encounters would help raise money so the girls could run away to Florida to be with their new online friend.”

    Here’s how Ainsworth allegedly constructed his webs of lies:

    First, he created two fake Facebook profiles – Bill Cano and Anthony “Riip” Navari. He built up both profiles by creating a network of friends with people in the greater Pittsburgh area. Both of his characters were young surfers who had dropped out of high school and ran away to Florida. He supposedly bolstered the believability of his characters by taking images from around the internet.

    Apparently, he amassed over 600 friends between the two fake profiles.

    He then used Bill Cano to make contact with young girls. Once he had manipulated them by gaining their trust over a period of time, he would get them to send him nude and sexually explicit photos.

    But that wasn’t enough. Here’s where the story takes an even darker turn.

    Once Ainsworth had established a community of girls that cared about Bill Cano, he killed him off. Then comes “Rip” Navari, who swooped in posing to be Bill’s step-brother or best friend. He told the girls that Bill had been attacked and killed. It’s pretty easy to see how young girls could get wrapped up in all of this.

    Ainsworth then put a third fake character into play, named Glenn Keefer. Keefer’s profile said that he was a “Sugardaddy looking for Sugarbabies,” living in the Pittsburgh area. Ainsworth used Rip to introduce the girls to Keefer. The story was that if they stripped or performed sex acts with Keefer, then he would give money to Rip so that Rip could help the girls fly down to Florida to be with him.

    All in all, Ainsworth’s web tangled up 7 victims from the ages of 13-15. Five of those girls ended up sending nude photos and he actually met with two of them (posing as Keefer) for the purposes of sex.

    This is a pretty intricate fake identity scam, and if found guilty, Ainsworth is going to pay a heavy price for it. You always hear about stuff like this, and how it could happen. But it’s very rare to see something surface that’s this elaborate. The internet is one of the greatest inventions of all time – but damn, it can be cruel.

  • Google+ Will Support Pseudonyms In the Future

    In a surprising turn of events, it appears that Google will start letting users of Google+ have profiles for pseudonyms. Google has taken a very strict stance on this until now.

    Vic Gundotra revealed at the Web 2.0 Summit that they’re going to support pseudonyms in the future. “We’re working on it, so it’s coming,” he said. “It was largely an issue of development priorities. It’s complicated to get this right. It’s complicated on multiple dimensions. One of the complications it’s complicated on is atmosphere. If you’re a woman and you post a photo and Captain Crunch or Dog Fart comments on it, it changes the atmosphere of the product.”

    He says they wanted Google+ to be a product where you can discover people you know. “They’re not called Captain Crunch. They’re called Lisa Adams.”

    “That doesn’t mean we’re not going to support other forms of identity coming, it’s just that this is the way we wanted to roll out the service. This is the atmosphere we wanted.”

    For the record, you can currently find both a Dog Fart and a Captain Crunch on Google+:

    Dog Fart on Google Plus

    Captain Crunch on <a href=Google+” src=”http://cdn.ientry.com/sites/webpronews/article_pics/captaincrunch.jpg” title=”Captain Crunch on Google+” class=”aligncenter” width=”616″ height=”325″ />

    Editor’s Note: It’s Cap’n Crunch. Not “Captain”.  

    Currently, in the Google+ Help Center, Google says:

    Google+ makes connecting with people on the web more like connecting with people in the real world. Because of this, it’s important to use your common name so that the people you want to connect with can find you. Your common name is the name your friends, family or co-workers usually call you. For example, if your legal name is Charles Jones Jr. but you normally use Chuck Jones or Junior Jones, any of these would be acceptable.

    If you are unable to complete the Google+ sign-up flow, or your profile was suspended for a name-related issue, review our guidelines below.

    It then instructs you to “use your full first and last name in a single language,” “put nicknames or pseudonyms in the Other Names field,” and “avoid unusual characters in your name.” It also says your profile and name must represent on individual, and that you shouldn’t use the name of another individual.

  • The Ever-Changing World of Social Media

    Google+ is growing a lot now that it’s open to the public. It’s worth noting, but there is a much bigger picture in the social media competition conversation than Facebook users vs. Google+ users.

    Do you use any Google product? If so, you should be counted as a Google+ user. Tell us which Google products you use in the comments.

    We’ve often seen stories in the media about how people sign up for Google+, but rarely post. The important nugget of information that often goes unnoticed, however, is that this is generally in reference to public posts, and Google+ VP Product Bradley Horowitz talked about this in an interview with Wired.

    “We’ve found there is actually twice as much private sharing as there is sharing that’s visible to everyone on the Internet,” he said. “That’s why sometimes it looks like people sign up and then don’t come back. In fact, they’re sharing with small groups of people that they trust and love. It’s just not publicly visible. So there’s this sort of dark matter that the public can’t see.”

    Let’s not forget that one of the main things people found appealing about Google+ from the onset was the Circles sharing concept – the concept of having more control over who sees what. You’re not supposed to see every post from everybody. This isn’t Twitter (despite the ability to use it that way).

    In fact, this concept was so well received that Facebook knew it had to have similar options, which it recently launched.

    Horowitz also noted that Google has plans to address the issue of people who are not engaging or visiting Google+ enough, though he didn’t go into specifics. Perhaps the main point to take away from that interview is that Google+ is simply Google – a point I have brought up numerous times, I might add (even before Google+ was launched).

    Essentially, the point is that Google as a whole – it’s portfolio of products – is the network. Your Google account, regardless of whether you use Google+ itself, makes you a user, because it’s all connected, and will be connected in many more ways as time progresses. Google+ – the streams, circles, hangouts, etc. are simply features of the greater Google social network.

    In Horowitz’s own words, “Google+ is Google itself. We’re extending it across all that we do—search, ads, Chrome, Android, Maps, YouTube—so that each of those services contributes to our understanding of who you are.”

    There you have it. WHO YOU ARE. I would say it’s about who you are on the web, but those lines are getting blurrier by the day. Take Google Wallet, for example. If this becomes as widely adopted as Google hopes, you’ll be using it to purchase physical goods at physical stores on a regular basis. This isn’t just bout online identity. It’s about identity.

    I’m not saying we’re going to be giving up our driver’s licences or social security numbers anytime soon, (although Andy Rooney might think that’s a good idea). But we are going to be using our online identities for more than just web-related tasks and fun.

    Google+ is one of many gateways Google has for users to enter the Google universe and have that Google account available as their identity. Google has a tremendous advantage over Facebook in those terms. So many products. So many gateways. With Facebook, you’re either a Facebook user or you’re not. With Google, you may not be a Google+ users, but you may be a Gmail user or a Google Docs user or a YouTube user, etc. It’s all one in the same.

    That’s not to say that Facebook is going to lose any ground here. Facebook already has 800 million users. That’s just ridiculous. Facebook has taken a very different path by essentially focusing on one product – the social network (and the platform around it), but they’ve done it better than anybody. They’ve done it so well that just about every brand needs to be involved in one way or another, whether it’s simply having a page or building apps, connecting content, logins, etc.

    Facebook did things right when they needed to and blew every competitor in the social network space out of the water, and despite numerous feature additions, redesigns and other changes, there is no indication that it will be losing its spot in the social network chain of command.

    Despite taking a very different path from Google, the destination is the same – your identity. If you have a Facebook account, you can use it to do a lot of things on the web, and I’d be surprised if you won’t be able to do more and more in the physical world with it in the future.

    There are plenty of other services out there that give you an online identity, but it seems that Google and Facebook are the frontrunners in this department. Twitter will likely get a big boost from iOS and the iPhone 5, due to its heavy integration with the operating system. Apple’s launch event is October 4, we’ll probably learn more about this at that point, though Facebook is supposed to have some new iOS apps in store as well.

    The good news is that so far users don’t have to choose which identity they want to be their own. You can have a Google ID, a Facebook ID and a Twitter ID, and use them as you see fit. You can even have a Yahoo ID, a Microsoft ID, a LinkedIn ID, a MySpace ID, and whatever else you want (and that includes OpenID and things of that nature as well). What these companies stand to gain from being your primary ID is having you use more of their services, or spend more time with their products, which is when your ID becomes easier to monetize. Whether it be virtual currency or serving your advertisements, your ID is worth money. That may be a tough pill to swallow for some, but it’s how the world works.

    You can live off the grid if you like, but it may get harder and harder to do so as more companies go paperless, and more online services find more ways to penetrate the physical world. Life may get harder to navigate without an online ID of some kind.

    Social media has evolved very quickly, and it continues to do so. Who would have thought it would go in this direction when you were first setting up your Myspace page?

    One very interesting element to all of this is that email still rules the Internet. Google ID? You get an email address. Even Facebook has email addresses now. To this day, you still need to have an email address to even sign up for Facebook. It’s probably been a while since you paid any attention to Facebook’s sign up box. Here’s what it looks like:

    Facebook Sign up  

    You even need another email address to sign up for a Gmail account.

    Who is in better position to win the identity war? Google or Facebook? Somebody different? Let us know what you think in the comments.

  • Google+ is About Your Identity

    Google+, while still young, can be a lot of different things to a lot of different people. As time goes on, it will no doubt serve many more purposes. We still have brand pages to look forward to after all, and countless forthcoming integrations.

    At its heart, however, Google+ is about identity. That’s straight from former CEO and current Executive Chairman Eric Schmidt.

    NPR reporter Andy Carvin posted on Google+ about a Q&A he participated in with Schmidt:

    He replied by saying that G+ was build primarily as an identity service, so fundamentally, it depends on people using their real names if they’re going to build future products that leverage that information.

    Regarding people who are concerned about their safety, he said G+ is completely optional. No one is forcing you to use it. It’s obvious for people at risk if they use their real names, they shouldn’t use G+. Regarding countries like Iran and Syria, people there have no expectation of privacy anyway due to their government’s own policies, which implies (to me, at least) that Schmidt thinks there’s no point of even trying to have a service that allows pseudonyms. Unfortunately, the way the Q&A was conducted, I wasn’t in a position to ask him a followup on this particular point.

    He also said the internet would be better if we knew you were a real person rather than a dog or a fake person. Some people are just evil and we should be able to ID them and rank them downward.

    Schmidt’s words and the philosophy is quite interesting considering a Public Policy Blog post from the company back in February. In that, Google Director of Privacy, Product and Engineering, Alma Whitten wrote, “Attribution can be very important, but pseudonyms and anonymity are also an established part of many cultures — for good reason. When it comes to Google services, we support three types of use: unidentified, pseudonymous and identified. And each mode has its own particular user benefits.”

    “Equally as important as giving users the freedom to be who they want to be is ensuring they know exactly what mode they’re in when using Google’s services,” Whitten said.

    The post discussed an update to Google’s top navigation bar indicating what account they were signed into. Still, Google did say, “While some of our products will be better suited to just one or two of those modes, depending on what they’re designed to do, we believe all three modes have a home at Google.”

    CNN has shared a video interview with Schmidt talking about identity and how the company should have gone social sooner:

    The focus on identity makes a great deal of sense, as social networks have essentially become who we are on the web – see Facebook log-in an sites all over the web. It makes even more sense when you consider Google’s grand plans in payments with the inevitable integration of Google+ and Google Wallet.

  • Google Looks to Make ID Info More Transparent

    Google has an interesting post on its Public Policy blog, talking about how users can identify (or not identify) themselves, when using Google services. The company says it’s looking at ways to make such information more transparent.

    According to Google there are three types of product use, and they each "have a home" at Google, but for different purposes:

    Unidentified. Sometimes you want to use the web without having your online activity tied to your identity, or even a pseudonym—for example, when you’re researching a medical condition or searching for that perfect gift for a special someone. When you’re not logged into your Google Account (or if you never signed up for one), that’s how you’ll be using our services. While we need to keep information like IP addresses and cookies to provide the service, we don’t link that information to an individual account when you are logged out.

    There are different kinds of identification

    Pseudonymous. Using a pseudonym has been one of the great benefits of the Internet, because it has enabled people to express themselves freely—they may be in physical danger, looking for help, or have a condition they don’t want people to know about. People in these circumstances may need a consistent identity, but one that is not linked to their offline self. You can use pseudonyms to upload videos in YouTube or post to Blogger.

    Identified. There are many times you want to share information with people and have them know who you really are. Some products such as Google Checkout rely on this type of identity assurance and require that you identify yourself to use the service. There may be other times when it’s more desirable to be identified than not, for example if you want to be part of a community action project you may ask, “How do I know these other people I see online really are community members?”

    Identification is becoming an increasingly important topic on the web. In one regard, there’s the whole topic of having a web ID to use to log-in to multiple services, such as those being discussed as part of the White House’s "National Strategy for Trusted Identities in Cyberspace" (NSTIC) plan

    Another sub-category of the identity debate is that of anonymous blog comments. Facebook product design manager Julie Zhuo contributed an op-ed piece to the New York Times recently, calling for content providers to stop allowing for anonymous comments on their content, in an effort to maintain accountability for what is said.  We discussed that here

    It’s good that Google is recognizing that different types of identification make sense for different scenarios, and it will be interesting to see the steps the company takes with regards to "transparency".

  • Google’s Open Web Advocate Talks White House Web ID Plan

    As previously reported, the White House is working on a "National Strategy for Trusted Identities in Cyberspace" or NSTIC, in which it has placed the Commerce Department in charge of an "Identity Ecosystem". The initiative has drawn a mixture of praise and criticism, and judging by our own readers’ comments, there is a whole lot of criticism. More on this here.

    Share your thoughts on the White House’s strategy.

     We had a discussion on the subject with Chris Messina, Google’s Open Web advocate. Messina was there when the plan was revealed, and is rather knowledgeable in the subject of online identity (besides working for Google, he’s on the board of the OpenID Foundation, and has worked with Mozilla to produce a concept on implementing identity in the browser called "The Social Agent") , which is why we felt he would be a good person to share his views on the strategy.   

    "As it stands, I can see why people are angry or confused, but, while vague, the NSTIC isn’t as bad as people seem to think — the fact that it’s being run out of commerce means that the government is looking for innovation and competition — not to own these identities," Messina tells WebProNews. "Of course I can’t say what this means about surveillance and security, but anyone who uses a cell phone or hosted email should already understand that they’re susceptible to government wiretaps and data seizure — oftentimes without needing to be informed (Twitter is the rare exception recently). Anyway — if you can pick an identity provider that’s certified to meet certain criteria and that you also trust — that seems win-win to me."

    What the government has suggested appears to be the use of platforms like OpenID. " We need a vibrant marketplace that provides people with choices among multiple accredited identity providers – both private and public – and choices among multiple credentials," said Cybersecurity Coordinator and Special Assistant to President Obama, Howard A. Schmidt, upon the announcement of the plan. "For example, imagine that a student could get a digital credential from her cell phone provider and another one from her university and use either of them to log-in to her bank, her e-mail, her social networking site, and so on, all without having to remember dozens of passwords. Such a marketplace will ensure that no single credential or centralized database can emerge."

    Chris Messina Talks White House Web ID Strategy"The government’s NSTIC plan is designed to promote OpenID and other existing (and not-even-invented) initiatives," explains Messina. "In fact, the NSTIC was written with input from many of these groups including the OpenID Foundation. It went through an open comment period as well — so it’s not as if many of these concerns weren’t raised before. Since the final draft of the NSTIC hasn’t been released yet, I expect many of them will be reflected in the final draft."

    "The NSTIC calls explicitly for the creation of an ‘identity ecosystem’ — fancy words for saying ‘we don’t want a system where there’s only one identity provider’ (least of all the government!),’ Messina continues. "Now, one of the challenges with creating an ‘ecosystem’ is that you end up with potentially non-interoperable solutions, leading to consumer confusion and frustration (think: ‘Sorry, we don’t accept American Express here’). So while the government intends to rely on private industry to develop the technologies and protocols — such as OpenID — that will enable this ecosystem, I believe that the government has a role in placing pressure on the industry to eventually select a set of standards we can all live with."

    "I, for one, would prefer to avoid a government-developed identity standard at a time when industry is rapidly innovating in this space and wants to solve this problem as much as — if not more than — government does," he adds. "But I also know that there are a lot of vested interests that would love to have their pet protocol selected as the gold standard here (pun intended) and that’s going to require leadership, persistence, and an open process so that the best solution(s) to the problem eventually shake out from several years of competition and experimentation."

    A common concern expressed by the public has been along the lines of: a single username and password for all sites is a bad idea, and is not secure, compared to having many usernames and passwords.

    "The user’s concern is valid," says Messina. "One username and password for everything is actually very bad ‘security hygiene’, especially as you replay the same credentials across many different applications and contexts (your mobile phone, your computer, that seemingly harmless iMac at the Apple store, etc). However, nothing in NSTIC advocates for a particular solution to the identity challenge — least of all supporting or advocating for a single username and password per person."

    "In reality, different applications requiring different levels of security, and different behaviors require different kinds of protections," he says. "As Howard A. Schmidt pointed out, for many people, you don’t necessarily want to use the same password that you use for Facebook that you do for your bank. For someone like me, however, where my social media presence is both very important and valuable to me, I want to protect all of my accounts — financial and social networking — equally. So there’s no one-size-fits-all solution, but that’s closer to the reality today — where I as a user often DON’T have a choice about how strong the security deployed to protect my accounts is — versus the future, where we’ll have an ecosystem of identity providers all offering different kinds of protections."

    "To restate this point: when I sign up for an account today, why can’t I choose to login in everywhere with my Google account and then rely on Google’s anti-fraud and second factor authentication features to protect my account? Or, if I’d prefer to use someone other than Google, why can’t I use them instead, and rely on, say, their biometric security features?"

    "Until a competitive marketplace and proper standards are adopted across industry, we actually continue to have fewer options in terms of how we secure our accounts than more," he says. "And that means that the majority of Americans will continue using the same set of credentials over and over again, increasing their risk and exposure to possible leaks (see: Gawker)."

    In the comments section of our previous article, one reader asked who would be responsible "WHEN (not if)" the systems proposed get hacked. 

    "Going back to my previous point, if we truly arrive at a user-centric ecosystem, then the party that you choose to represent you as your identity provider will be responsible should anything happen to your account," says Messina. "And I hope that people actually choose their identity provider carefully, and based on the steps that they take to secure your account and keep it safe."

    "A user-centric model demands that users be in charge of selecting their identity provider, and that this free choice creates a competitive marketplace where identity providers compete for customers," he adds. "If one provider has lax security or onerous identity proofing requirements, the market will ideally reflect that situation by rewarding or punishing them economically, leading to user-positive improvements. Some of this does depend on users having some understanding of what’s at stake when it comes to their online identities and profiles, but just as people safeguard their cell phones today, I think people will feel similarly protective of their online accounts in the future (if they don’t already) and will look for ways to keep those accounts safe and secure."

    As we reported before, there doesn’t appear to be anything in the NSTIC indicating that people will be required to use ID systems spawned by the initiative – a point that some people may have overlooked.  

    "The last thing that I’ll add — which itself is controversial — is that this whole system, at least at the outset, will be voluntary and opt-in," Messina says. "That means that if you don’t want the convenience of not having to use passwords anymore, you won’t have to. If you’re okay rotating your passwords and maintaining numerous discreet accounts across the web, that’s cool too. I don’t think a mandatory system would succeed — at least not without proving its security, stability, convenience, and utility over several years."

    "Furthermore, the fact that this initiative is being run out of the Commerce Department, which has an interest in stimulating growth, business, and innovation, means that we hopefully won’t end up with a set of technologies designed only by security wonks that are completely unusable by regular folks, but that the market will see the exploration of a number of different competitive solutions, and from them, a few will stand out as leading the way forward."

    "I am hopeful that NSTIC, at the very least, is raising these issues at a critical time on the web — where the future of competition for who owns your identity online is in question," Messina concludes. "My hope is that we arrive at a place where people have a choice, and they can go it alone as steadfast libertarians might prefer, or they can choose to get some assistance from the Googles and Facebooks of the web in dealing with this increasingly important issue."

    Speaking of Facebook, any system – existing or spawned from NSTIC – will have a hell of a time competing with Facebook for "owning" users’ online IDs. Facebook has nearly 600 million users worldwide, according to recent estimates, and has a pretty big competitive advantage with its Open Graph and Facebook Log-in features already implanted firmly across many sites around the web.

    Comments welcome