

I already did some predictions over on IDWorld. Of course, if I were afraid to fail I would have a real job. Here are more predictions for 2006:

  • Phishers, having focused on Europe recently, will again focus on the US with more sophisticated tools.

  • Attackers will increasingly target corporations for their HR databases for identity information.

  • Strong Authentication will get a big boost from banks, but also from corporations that deploy SSL-based VPNs.

  • Web 2.0 and Identity management will meet in 2006, resulting in lots of discussions about privacy, enterprise vs individual identities etc. Slowly, people will realize that it's really employee vs customers as enterprises will always be providing the services.

  • People will start talking about permission-based identity services such as a service that will require a user's permission to check a credit report. These ideas will go nowhere because of incentive issues.

  • Federated two-factor systems offered by the hardware token vendors will fail miserably. A combination of costs and privacy concerns will kill them, despite signing up one or two high-profile clients whose customers reject it a la Passport.

  • 2006 will once again not be the year of biometrics or certificates.

  • Someone will come up with an aggregator of user-centric universal identifiers. They will raise a bunch of VC money and fail.

  • Confederated identity will take off. This is where a user maintains a handful of identity services and only uses services that support one of those systems. Registration pages are removed in favor of RSS-esque buttons that indicate support for various identity services, such as Infocards, which get GYMA (Google, Yahoo, Microsoft, AOL) and eBay into the identity game.

  • Patent issues with SAML will hamper its adoption by the GYMA crew.

  • Mutual authentication becomes a must-have for all financial websites.

  • Brokerage accounts will increasingly be targeted by phishers and fraudsters.

  • Digital signing and/or transaction authentication will become a hot topic again as banks and brokerage houses look to thwart session-hijacking trojans.

  • Another payment processor will get the death penalty from Mastercard and Visa for a violation of their PCI standards.

  • One of the credit reporting agencies will get in hot water for a breach, again.

I suspect the vast majority of these are wrong or that many have already happened and I just forgot.