[Nuke]

Ultimately, however...

I do not see the need for a government regulated password system. If that warrants calling me short-sighted, so be it. But look at it this way - we have a government which is already deep, deep in the hole with respect to finances, and they're... creating a new institution? No matter how minor, this is just stupid in that regard...

Especially seeing as (a.) it does not satisfy any immediate needs, only a precieved one, (b.) is untested and will require further expenditure on an already over-streched system to operate, and (c.) inevitably will be abused by third parties, and more than likely the government itself. There are certainly counterpoints to this, but ultimately is there anyone here who seriously puts so much faith in the government to approve of this?

I do recall signing a petition against this... Unfortunately, it might take more than things like that to stop something like this from going through.

the government really has no buisness developing this kind of technology. they would put more effort into the bureaucracy to manage it than into the technology development itself. id rather it be done by a private company, like google. and while the government might spy on you, so too could the company. really theres no way to get around that. but it is a problem in need of a better solution.

i do however recognize a problem that exists not in the individual management of user accounts, but in the accumulation of multiple independent (or centralized) accounts online for everything from government and banking sites to cheezburger network. i merely state that its impossible for the human mind to remember 10s or even hundreds of unique user names and passwords. especially when you enforce password complexity and regular updating of passwords. when the human memory fails, we use software or even the writing down of passwords. you might limit the amount of information you need to keep. like only use one user name on all sites, or only remember a pool 10 secure passwords and rotate them as needed. the mere referencing accounts to other accounts (such as using an email address as a login name) adds to the problem.

if the user has a set address pool and you know the password to say their battlenet account so you go to their email and try the same password and it might work, then you can try to go into their bank account and the password might not work, but since you have access to their email, you could probibly go through and mine personal information from accounts youve gained access too and do a password recovery at their bank and clean out their account. these are all the security holes i can see.

websites want too much information
too many unique sequences to remember
too much linking of accounts
automated password recovery
dependance on email addresses
dependance on 3rd party systems
large number of sites requiring logon data

now you can probibly get around those with password management software, but thats a locally configured system with no defined protocols to talk to a web site requesting logon information. what i say is make it easier for that system to communicate with local password management software. so when you go to a website than needs your login data, it will send a request to your computer for that information, then a service on your computer provides those credentials, and you are logged in automatically. the service automatically assures password complexity and can quickly respond to requests for password updates. you only define the communication protocols, not their usage. this ensures that you may use whatever software you want to use, and the web host only uses what software they want to use. and this allows the 2 pieces of code to communicate despite possibly coming from different sources. point is you eliminate human nature as a source of the problem.

[Unknown Target]

websites want too much information
too many unique sequences to remember
too much linking of accounts
automated password recovery
dependance on email addresses
dependance on 3rd party systems
large number of sites requiring logon data

This can be solved by using only one or two passwords on multiple sites. If you want to complain about security, well...how is one mega login better?

I don't really get too many arguments for this, simply because it's a solution looking for a problem. If you have THAT much of an issue remembering login and passwords...why not just use the same one for different sites?

[Klaustrophobia]

in my mind this is simple.  it's not the business of the government to help me (or anyone) remember their passwords.  therefore they should not.  even if it ends up NOT being abused, there's just no logical sense in creating something with that much potential to be for almost no actual benefit.

and about private companies doing similar stuff, they can fk off too.  i'm REALLY starting to hate google.  those aholes wanted my PHONE NUMBER in case they ever need to "recover" my YOUTUBE account.  first of all, i signed up for a youtube account, not google.  the only reason i even have a google account is for whatever spammy stuff i need to use it to do or for things i want to have absolutely NO connection to any other bit of my online "identity."  so the next one of these non-google sites that wants to force me to link to a google account is simply loosing a user.  something i might end up not having the option to do if this comes via the government.

[newman]

There's a potential here to get royally screwed if someone hacks your global internet ID account. You don't just lose access to Steam or WoW or whatever it is you use - you lose access to everything until you get it sorted. In the mean time the culprits can use your internet ID to buy themselves something nice through ebay.
I know, I know, they'd make it "secure". I have yet to see a system that's totally secure and would much rather have separate ID's for separate stuff.
Also, it's usually a bad idea for people who know very little about a technological resource such as the internet and can barely use Google to make global calls like this.

[karajorma]

This won't be a problem.

Politicians create system.
Hackers hack system.
Hackers buy things using politicians credentials
Politicians close system.

Massive waste of money by the government but then what else is new.

[Beskargam]

Keynesian economics aside. . .why would now be a good time to dump more money into a program that while hypothetically a good idea, practically is not if only because itd be run by bureaucracy? where the money for this one comin?

[Nuke]

nah, do something, but dont centralize it and for the love of satan dont let the government run it.
i mostly just recognize the problem, and the only idea i can come up with is to make the website talk to the users password manager software and never tell the user what their password is. essentially eliminate the user as a point of failure.

[The E]

Problem is, this effort is just duplicating one that already exists. It's called OpenID. I'd rather use that than anything that is backed by a single source.

[Nuclear1]

As long as they call it the Eggs in One Basket Act of 2011, I'm down for it.

[Snail]

and about private companies doing similar stuff, they can fk off too.  i'm REALLY starting to hate google.  those aholes wanted my PHONE NUMBER in case they ever need to "recover" my YOUTUBE account.  first of all, i signed up for a youtube account, not google.  the only reason i even have a google account is for whatever spammy stuff i need to use it to do or for things i want to have absolutely NO connection to any other bit of my online "identity."  so the next one of these non-google sites that wants to force me to link to a google account is simply loosing a user.  something i might end up not having the option to do if this comes via the government.

(i agree)

[SypheDMar]

Er... But YouTube has been owned by Google for a long time now.

[Snail]

Err... So?

[Mongoose]

The point is that your YouTube account was already tied into Google for a good two years, which is why I never understood any of the *****ing about finally merging the two account bases.

[Klaustrophobia]

my account WASN'T tied to a general google one.  whether or not the same company owns the youtube account is irrelevant.  if i want to use youtube, i should be able to sign up for youtube, not have to go through gmail.

[Mongoose]

Well no, it wasn't previously, but the option to tie them was there from the day Google bought YouTube.  It doesn't take a genius to figure out that maintaining two entirely-separate user databases doesn't make much sense.  And really, who didn't have a Gmail account that they could hook up to YouTube beforehand anyway?

[Snail]

It's less about that than Google wanting my phone number (and tracking my location without my permission).

[karajorma]

Like YouTube didn't do that before Google bought them.

[Nuke]

i dont like this new thing with the phones though, cell phones are evil ****ty devices and i will never own one. the only phone we have looks like something from the battlestar galactica, and i dont use it. we often keep it unplugged. google pulls that **** on me, im gonna go find another email provider.

[Mongoose]

It's less about that than Google wanting my phone number (and tracking my location without my permission).

I don't remember the phone number being a mandatory piece of information, and I'm not sure what you're on about with the location-tracking.

[technopredator]

"Listen my fellow coughdumbtardscough I mean Americans, we're gonna ID you but the huge amount of computers on the basement of the pentagon the size of several football fields, will not be used to track every little thing you do and know who to bring for water-boarding weekend at CIA HQ under the patriot act and so many other excuses of Home Land Security, I swear to you that we'll not fukc you over even if we have the total impunity and power to do it so, really, c'mon why don't you believe me?"