
Common Identification Standard for Federal Employees and Contractors (2004) - dredmorbius
https://www.dhs.gov/homeland-security-presidential-directive-12
======
dredmorbius
I hadn't realised until seeing it mentioned on HN a day or so back that the US
Federal Government had adopted a non-password identification standard as early
as 2004.

A case of government accomplishing things the private sector has still not
successfully managed.

The actual identifier is a "FedIDCard", a smart-card token used as an
identifier.

[https://www.fedidcard.gov](https://www.fedidcard.gov)

~~~
rkeene2
Google also managed to get rid of passwords a few years ago, and of course
this also decreased phishing attacks.

I've also implemented a PKI-based smartcard authentication system at some
organizations.

The US DOD started getting rid of passwords before the rest of the federal
government/HSPD-12.

Hopefully other organizations can get rid of passwords soon as well.

~~~
dredmorbius
You mean internally, correct? Not for external users.

That's the real problem.

------
mattr47
Ahh yes the CAC was great. I'd run to lunch off base and mistakenly leave my
card in my laptop. Whoops, followed by explaining to guard what happened.

And then come back and find that card doesn't work. After an hour or so of
pulling out and reinserting you discover a coworker took your card out and out
a piece of clear tape over the chip.

------
noodlesUK
How much are smart cards used in ordinary commercial operations rather than
ones close to government? I know plenty of people who are using Yubikeys, but
I mean the real plastic cards that make you feel like an action hero?

~~~
rkeene2
Many thousands of times per day, since modern credit cards are smartcards.

~~~
dredmorbius
Yes and no.

That's true, yes.

But it's not general-purpose computer identification.

(The thought that credit cards might become the de facto identification token
is numerous spectacular shades of terrifying.)

