Archive for August, 2012

Using offline solutions to online identity

August 9, 2012

As the recent hacks of some Apple and Amazon’s accounts highlight, it is difficult to safely authenticate people online for various recovery scenarios (lost password, hijacked account, etc).

So I am surprised that we don’t see brick and mortar solutions emerge.

For example, you could imagine Apple taking advantage of its physical presence (Apple Stores) to strengthen it’s authentication solution. A number of providers could fill that role, such as stores like Fedex/UPS/USPS, banks, or even specialized providers (if they can do it more effectively and cheaply).

As Bruce Schneier pointed out in his video on identification and ID security, identification is a system (issuance procedures, tokens and cards, registries, verification procedures, unplanned usages) and only a part of the broader system of security. There is no reason that the online and offline parts of those systems be so disconnected.