Friday, November 18, 2005

imho Mandatory deployment of strong authentication: FFIEC


From here to her: sha

What I wonder about the Federal Financial Institutions Examination Council (FFIEC) mandate is whether I’ll have to go out and buy an SMS-capable cellphone in order to access my bank account online. Or, more fundamentally, whether I’ll have to carry around any piece of hardware—cellphone, SecurID, smartcard, USB token, etc.—for that purpose. For the purpose of having a second factor for strong authentication to prove that I’m me and that the money I’m getting, transferring, etc. is in fact truly mine.

Is the FFIEC’s mandate going to result in my financial institutions (plural—because I have my money in several) issuing me an “unfunded mandate” to acquire the requisite hardware/software? Will I need to buy/install/configure a separate hardware/software combo for each financial institution? Or will a single strong authentication scheme/token/credential be accepted by all financial institutions throughout the US/world? Will any of them subsidize my acquisition of that new factor?

This comes in the midst of another unfunded government mandate on the citizenry. In the next few years, TV broadcasters will be required by the government to abandon their existing frequency assignments and move their transmissions over to digital, on different frequencies, not backward-compatible with existing sets. That means that every American will need to go out and buy a digital converter (or several per household, depending on the number of sets you have) to continue to access existing being-moved-to-digital programming.

So, we’ll be cut off from online access to our money (possibly) if we don’t acquire the requisite strong authentication token(s). And we’ll be cut off from TV (very likely) if we don’t acquire the converter(s). Whose interests are being served here? Not mine. I’m comfortable with today’s security on online banking. I’m also not super-impressed by HDTV. I can definitely continue living happily with analog TV.

I don’t think any of this has filtered out into general public awareness yet. Does this sound like a huge cultural stinkpot ready to burst wide open? You bet.

But then again, I’m still smarting from the music format die-offs of the past 30 years: vinyl, 8-track, cassette—and, maybe eventually, CD, in favor of MP3s and beyond. Every obsolete format is an unfunded mandate from the recording industry to replenish my jamcache from scratch.

As Tommy Lee Jones said in “Men In Black”: “Great—now I’ll have to buy the White Album all over again.”

Or stop buying music altogether. By the way: