The law in the United Kingdom has various influences on organizational information security policy. As well as protecting the rights of individuals and organizations, it also imposes many duties and responsibilities. For organizations to meet their legal obligations a number of technical controls can be put in place.
Historically, before computers and the Internet, business transactions were conducted face to face; establishing your partner's identity in such situations presented few problems. As human beings, we are well equipped to discern the extraorginarily subtle variations of the human face and voice to enable positive recognition and identification of our partner.
Management of user ID accounts is expensive for business, frustrating for users, and open to abuse. A user account Helpdesk in a large organization typically deals with many thousands of Helpdesk calls each year, and the costs surrounding this are significant. Any operation that requires human intervention can become a bottleneck during especially busy periods.
Looking at IT security history, the bad guys were always far more sophisticated than the people who tried to stop them. Even if companies or the government could conceive of IT security it was almost impossible to achieve it because of the lack of knowledgeable security professionals out there and the lack of security protection tools in the marketplace.