A clear market agreement in favour of government-backed digital ID has actually emerged throughout submissions to the govermment’s modified cyber security method assessment.
NAB [pdf] described its assistance for strong digital ID originates from a desire for a zero-knowledge evidence of ID.
” Where entities were allowed to count on no understanding evidence (ie, it suffices that an entity understands that a person is over 18 years of ages and does not require to gather real date of birth information or proof thereof), this would reduce the information security danger to both companies and people,” the bank stated.
If existing digital ID “requirements and procedures” were boosted, NAB stated, a company might confirm a characteristic such as a person’s age, without gathering details beneficial to cyber bad guys.
Nevertheless, the NAB submission specified: “The present program is not yet suitable for function”.
ANZ Banking Group [pdf] concurs, stating such a routine would “assist reduce the volume of identity files gathered and saved.”
The banking market’s representative body, the Australian Banking Association, included [pdf] that a digital ID ability “might be the anchor for a brand-new, secure-by-design method to cyber strength”.
The consulting sector likewise enacts favour of enhancing Australia’s digital identity program.
Deloitte stated [pdf] that ” ongoing massive information breaches reveal that understanding based approaches of registering or validating users (passwords, Q&A) can not dependably guarantee identity.
” Digital services that count on the aggregation of personally recognizable details (PII) bring in identity scams and cybercrime at-scale.”
While likewise supporting an enhanced digital ID system, EY alerted [pdf] that public trust might weaken it: “Practically 3 in 10 Australians are still uneasy with the principle,” it stated.
” To resolve this problem, federal government will require to embed security systems from the start, begin with a voluntary system (similar to the My Health Record rollout) and develop an independent governance authority to develop public trust.”
AWS and Optus [pdf] provide a comparable contribution to the digital ID argument: that multi-factor authentication must belong to a nationwide service.
AWS’ submission [pdf] stressed that multi-factor authentication is essential: “Although we usually warn versus authoritative suggestions, there is an exception to every guideline.
” Multi-factor authentication (MFA) is among the easiest and crucial defenses readily available to users, making them less prone to password leakages or social engineering”.
While people are ending up being progressively knowledgeable about MFA, the submission stated, “federal government can play a crucial function in accelerating this procedure”.