French Government Pushes for End to Passwords

by

It seems that the French government considers the whole “input your password” method of account security to be a little dated, instead advocating a system of ‘digital certificates’ for access to accounts.

Nothing like a nice, secure password 😉

Word of the change comes from TechRadar, which has it that the latest plan comes directly from France’s secretary of state, Nathalie Kosciosku-Morizet, whose brainchild the whole digital-certificate project is in the first place. It’s certainly an interesting prospect, and one that only gets more interesting the more you read about it, particularly its applications when it comes to official documentation. Indeed, it seems the certificate won’t be accessible to too many services.

For now, the trial-run of France’s digital certification program has featured the French Banking Federation, the Federation of French Insurers and La Poste, which should give some impression of the types of services the French see themselves ditching passwords on.

For now, there’s relatively little word on just how the new certification system would work, but the folks at TechRadar seem to think that it’s likely to be kept on a SIM-styled card or a USB stick. Once the device is mounted, then the certificate will be accessible.

Still, it seems as though the whole idea might prove to be significantly less secure for those who are capable of setting difficult-to-break passwords, especially given the relative ease with which the relevant USB-sticks or memory cards might be stolen, swapped or confused.

It’ll be interesting to see if we start to see lockets/bracelets/keyrings and other similar arrangements appear that can help keep people from losing their very-secure-altogether digital certificates 😉

Advertisements

Tags: , , , , , , , , , , , , ,

4 Responses to “French Government Pushes for End to Passwords”

  1. Stephen Lacy Says:

    Keys can be broken down into three categories:
    Something you know (Passwords)
    Something you have (Physical Key, USB with digital cert, RFID tag)
    Something you are (Biometric)

    Any two is sufficient in order to be fully secure.

    AIB use a one time pad as the something you have, and a username and password as the something you know

    Digital certs are a good idea because you can lose your usb key just like your password, but unlike your password the digital cert can be copy protected preventing it from being taken without you noticing it’s missing.

    Ideally the usb key would be able to perform some assymetric encryption on board to stop the cert from needing to be accessible.

  2. Stephen Lacy Says:

    Biometric security provides information that can be used by governments and other large organisations to increase their power over those who rely on the biometric data to provide them security.
    This makes any failure of a country to be democratic far more potentially damaging.

    I guess we have to ask ourselves does that power belong in the hands of governments? Can it be regulated in such a way that we are protected from our government as well as by our government and is the reduction in danger from identity theft and the convenience and possibly even economic benefit from introducing biometric security greater than the danger of abuse of such a system.

    Personally I would be fine with the Irish government knowing the dna, fingerprint, retina etc for all it’s citizens provided data protection regulation, it could reduce crime. But then I’m not much for privacy.

    • komplettie Says:

      It’s not much for the privacy aspect that it scares me, it’s really the fear of it being abused or the extent to which a breach of that system would constitute a genuine risk to someone’s person…

      Not to go mad on biosocial theory, but I imagine there’d be unexpected potential biosocial implications too, which is always a little strange to think of.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: