Following a raft of agency and retailer hacks, the federal government is weeks away from debuting a new way to securely conduct transactions online, without registering one's personal information.
In an unfortunate turn of events, the U.S. Postal Service – which operates the tool – recently discovered an attack on its own networks. But the new login system is unaffected, because USPS had outsourced development to cloud provider SecureKey Technologies Inc., according to Commerce Department officials.
The service, called Connect.gov, is part of a broader Commerce effort to enhance the security of personal information online.
The hope is that Connect.gov will stimulate a market for so-called identity providers.
This is how the tool works: An Internet user wanting to, for example, view a personal health record on a Department of Veterans Affairs site, apply for a government job or access other firewalled government sites registers personal information with a trusted third-party, such as Experian or Facebook.
The trusted site then creates a sort of universal credential – such as a password or smart card.
That one credential alone tells VA, government job site USAJobs.gov and any other dot-gov service that the user is who he or she claims. No need to give, for instance, HealthCare.gov your personal information to create an account. Just enter the already-created credential to shop for medical insurance.
Once an identity-provider market exists, that same Experian ID could be used to transfer funds from Citibank or shop at Ikea.com, among other online transactions.
The General Services Administration is negotiating contracts between agencies and ID companies participating in Connect.gov.
"GSA is working with its partner agencies to stand up the Connect.Gov program," GSA spokeswoman Jackeline Stewart said in an email. "The agency looks forward to launching the initial phase of the program in the next few weeks to enable the American people to more easily access online government services and applications with greater security, privacy and efficiency using an approved, trusted digital credential."