RSA warns that ID frailty will harm e-commerce

RSA is pushing hard for mass adoption of its two-factor identification technology to boost faith in e-commerce. Consumer markets offer a fresh prospect for the company, but without strong authentication and federated identity, the internet will become unsafe for business, warns the company.

Art Coviello, CEO of RSA, said at the RSA Conference in Barcelona that the rise of e-commerce was a tipping point which could make or break the success of online services. "Phishing, for example, concerns customers, but vendors even more. In response, we've seen service providers such as banks scaled back services to an unprecedented degree."

Howard Schmidt, CIO of eBay, agreed. "The internet falls down in identity management," he said. "We still use passwords everywhere." According to Schmidt, identity theft was the top crime reported to the FTC over the past four years.

To take secure identity management into the mass market, RSA is targeting the consumer space with the goal of constructing trusted communities.

In September, it announced a joint deal with AOL to produce tokens for the ISP's subscribers, and RSA is working with other partners on similar ventures.

By driving two-factor authentication into the mass market, RSA hopes to create a groundswell of adoption by other organisations.

"The idea is to create trust relationships in online communities," said John Worrall, vice-president of worldwide marketing for RSA. For customers such as AOL, the goal is to create a federated identity structure to drive business relationships, by building a user community to attract partner services, he said.

This has been the goal of federated ID projects for years, but their problem has always been the single point of failure inherent in a shared password. Strong authentication solves this to a point, but not everyone is convinced. "Some 95 per cent of the world's computers only use a password, but the way the IT industry has dealt with passwords is backwards," says Malcolm MacTaggart, president and CEO of CryptoCard, one of RSA's competitors.

"Projects such as the Liberty Alliance are just the non-Microsoft version of Passport: putting all your passwords in one basket."

Attackers will find ways to target tokens if they became widespread, he concluded.

www.rsasecurity.com; www.aol.com; www.cryptocard.com