Electronic identity cards join the fight against phishing attacks

A new approach to fighting phishing allows users to create electronic identity cards for each website they access.

Phishing attacks are believed to have hit 37.3 million people last year, escalating online password theft 300%. To fight back against this type of cyberattack, a team of researchers at Royal Holloway University of London created a system called "Uni-IDM," which enables users to create electronic identity cards for each website they access.

Why create electronic identity cards? Because these cards can be "securely stored and allow card owners to simply click on the card when they want to log back in, with data sent only to the authentic website," the researchers said.

For some readers, the notion of an ID card may have a familiar ring, and the Uni-IDM scheme does acknowledge its heritage in the Microsoft CardSpace initiative, which was met with near-universal disinterest some five years ago. (You can still access its console from the Windows Control Panel, though.) Uni-IDM's creators noted that the new scheme "can be used to replace existing ID management client software, including the CardSpace … client." The prime target for replacement, though, is the username/password.

"We've known for a long time that the username/password system is problematic and very insecure, and it's a headache for even the largest websites," said Chris Mitchell, professor of Royal Holloway's information security group.

The scale of the phishing problem is huge. "LinkedIn was hacked and more than 6 million stolen user passwords were then posted on a website used by Russian cybercriminals. Facebook also admitted in 2011 that 600,000 of its user accounts were being compromised every single day," Mitchell pointed out.

Despite how common big data breaches are becoming, the username/password combo remains the dominant login technology. "While large corporations are using more secure methods, attempts to provide individuals with similar protection have been unsuccessful -- except in cases such as online banking," Mitchell said. "Our hope is to provide a more sophisticated technology to protect all Internet users."

Uni-IDM is also targeted as a solution for people who want secure access to the growing number of government agencies and services moving online, such as tax and benefits claims.

Dig Deeper on Email and Messaging Threats-Information Security Threats

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.