Phishing attacks are believed to have hit 37.3 million people last year, escalating online password theft 300%. To fight back against this type of cyberattack, a team of researchers at Royal Holloway University of London created a system called "Uni-IDM," which enables users to create electronic identity cards for each website they access.
Why create electronic identity cards? Because these cards can be "securely stored and allow card owners to simply click on the card when they want to log back in, with data sent only to the authentic website," the researchers said.
For some readers, the notion of an ID card may have a familiar ring, and the Uni-IDM scheme does acknowledge its heritage in the Microsoft CardSpace initiative, which was met with near-universal disinterest some five years ago. (You can still access its console from the Windows Control Panel, though.) Uni-IDM's creators noted that the new scheme "can be used to replace existing ID management client software, including the CardSpace … client." The prime target for replacement, though, is the username/password.
"We've known for a long time that the username/password system is problematic and very insecure, and it's a headache for even the largest websites," said Chris Mitchell, professor of Royal Holloway's information security group. Full article here
