I am “guilty” of using the same username and password to a lot of websites I access especially that I build links for different clients to a lot of social media, forums, blogs, emails, etc.

I usually assign one username and password per website to be organized and that includes twitter.

In order to mitigate a potential ID thief from hacking off your arm that has the embedded RFID chip, we could deploy two RFID devices – one of which also checks for temperature and blood flow ; in theory the hacked off arm would quickly attain a significant temperature delta from the average body temp.

Just a simple tech solution – ok, there may be little privacy and ethical issues, but hey…

To that point though, we might end up having IP addresses assigned to us by the government. Conspiracy theory sounding I know, but with the Craigslist killer and crazy parents causing the deaths of teen on MySpace, it is a possibility. Just like a SSN, you could have an IP. People could then steal and sell those too though.
.-= Robert Dempsey´s last blog ..State of the Internet 2009, an Image =-.

Tying identity to an IP address is just a non–starter. Home broadband users frequently get DHCP assigned addresses out of a pool, there’s no guarantee that they’ll have the same address day to day (though the address likely resets when the router is rebooted). Large organizations tend to use a limited number of firewalls to connect to the internet, so 1000s of identities would end up mapping to one or two addresses (and then: what about someone who logs on from work during the day, and home in the evening. )

The best solution is something like InfoCards or x509 certificates, where identity is something under the user’s complete control. But x509 certificates cost money and have never really taken off, even within enterprises. InfoCards have promise but again are shadowed by association with Microsoft.

No solution will overcome the biggest weakness: people are all too willing to hand over their credentials for one service to another. Twitter is killing off basic auth for the API because, I’m guessing, it’s become just too much of a pain to deal with the people who keep losing their credentials for one reason or another. oAuth has its own problems but is far better to build an API ecosystem on than basic auth.

Maybe what we need is an operating system-level personal dashboard that manages all our accounts for us (rather than just depending on browsers to remember log-ins). There are tools that do this but some of them have been compromised.
.-= Michael Martinez´s last blog ..Offering SEO advice to Danny Sullivan =-.

So alternative means? Hm. Quantum cryptography sounds promising…. j/k

Here’s an idea – an anti password. A list of things that you would NEVER say, such as ‘viagra’. This list is personalized and controllable by you, and should you (or, I don’t know, Joe hacker) mention one of these words then the post is flagged, an email is sent to you and the account is locked out until you revalidate your credentials.

Tricky to implement, but it has possiblities, I think.

Banks or some very trusted authority should develop consumer tools for universal ID. I know there are a few initiatives around that already. Don’t know what the biggest hurdles are but clearly most people DO use a single or very similar log ins and clearly it’s a safety problem.

Anyone who says otherwise has no respect for the sanctity of our collective tweets
.-= Social Media Commando´s last blog ..Top 5 Ways to Motivate Your Online Marketing Team =-.