Opinion: It's time for modern digital identities

By Julio Franco ยท 7 replies
Sep 12, 2017
Post New Reply
  1. It used to be so simple.

    Essentially, you could verify your identity by providing some kind of unique piece of information that—in theory, at least—only you or other trusted parties would know. Like, for instance, your social security number.

    Of course, those days are now gone, and last week’s monumental hack of credit reporting firm Equifax put a thundering exclamation point onto the end of that era. Throw in all the other high-profile hacks into companies like Home Depot, Target, etc. and it’s not too far a stretch to say that not only the social security number, but a great deal of other identifying information on nearly anyone in the US is now readily available. (In fact, paradoxically, the value of that once very important information has likely dropped dramatically.)

    Identity verification without being physically in front of someone is still an incredibly important way in which we interact with the world around us, however, so what do we do? The problem is that we don’t really have a clear, universal alternative moving forward.

    Yes, there are numerous efforts designed to move away from the more traditional “analog” methods of identity to digital ones, but none of them work across all the environments or interactions in which we find ourselves engaging. Ironically, the notion of moving to very basic forms of digital identity—usernames and passwords—has actually exacerbated today’s identity problem, and by a huge amount.

    ... you could verify your identity by providing some kind of unique piece of information that only you or other trusted parties would know (...) of course, those days are now gone

    Today’s digital identities are essentially a horrendous conflagration of good intentions gone wrong, because none of them is truly complete. Part of the reason is that, while moving towards a single digital identity—such as a government sponsored system—offers some clear benefits, it also opens up potential risks as a single, critical point of attack. Lose that one identity, and you could potentially lose everything.

    Important steps forward are being taken, however. First, we’ve seen tremendous growth in the use of multi-factor authentication, where you need to provide at least two forms of digital ID to verify your identity. The problem with this is that not all methods of providing a second or third factor, or “form” of digital identity are equally strong, and several have been discovered to be much weaker than initially thought. Texting your temporary or special log-in codes via SMS, for example, has serious limitations that weren’t initially identified.

    Second, we are seeing much more use of different types of biometric authentication, which uses physical characteristics of your body to identify you. From fingerprint readers on notebooks and smartphones, to iris scanning, and if rumors about Apple’s new iPhone are to be believed, facial recognition on smartphones, the availability of these generally much more secure methods of ID verification is becoming more widespread. Now, some worry that biometric data, as with a single universal ID, represents a security concern because you can’t “change” your biometric data and if it’s somehow stolen, you have a security challenge. However, biometric data in combination with the requirement for multiple factors of authentication (even, in some cases, multiple forms of biometric identification) is generally considered very secure.

    Third, we’re starting to see more efforts to form industry-wide collaborations to help drive the “universality” of these identity concepts. The FIDO Alliance, for example, is working with a variety of major tech, credit card, banking, and other financial services companies to develop a standard that will interoperate across websites, devices, services and more.

    In addition, just last week, the four major US carriers—in an extremely rare show of complete unity—announced the development of the Mobile Authentication Taskforce. This group will be responsible for developing a single, consistent method of authentication that both consumers and businesses can use to accurately identify people using mobile devices on any US telecom network. First results won’t be showing up until 2018, but this sounds like an enormously positive development.

    The challenges of creating a viable, secure, and modern form of digital identity are extremely difficult, and even in spite of all the positive efforts I’ve listed here, there’s no guarantee we will have a viable option anytime soon. But as the events of the last week have hammered home, it is absolutely time to move past old ideas and embrace the opportunities that a digital identity can enable.

    Bob O’Donnell is the founder and chief analyst of TECHnalysis Research, LLC a technology consulting and market research firm. You can follow him on Twitter . This article was originally published on Tech.pinions.

    Permalink to story.

  2. andy06shake

    andy06shake TS Evangelist Posts: 475   +152

    Thing is such a scheme is inevitably going to be used to implement more control and/or used for other nefarious purposes than just identification, and by our own government's no less amongst other corporations and companies.
    p51d007 and Underdog like this.
  3. Underdog

    Underdog TS Booster Posts: 58   +26

    Give that man a cigar!
    andy06shake likes this.
  4. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 886   +434

    Only if it made to be mandatory - See China.

    If it is made option - tradeoff between security and privacy - and I suspect it will be largely successful. Let everyone who wants one get one. Let everyone who has one have the option of using it or not.
  5. jobeard

    jobeard TS Ambassador Posts: 11,791   +1,252

    A digital signature comes with the concepts of Non-Reputation (ie you can't deny you wrote it), Unalterable or at least known to have been altered (ie like a CRC or Hash).

    Moving those concepts into Email and the Social Media is difficult and would require a total rewrite for this to be achieved - - which is why we haven't got it yet even after years of knowing of the problem.
  6. andy06shake

    andy06shake TS Evangelist Posts: 475   +152

    Suppose that depends on how one defines "largely successful". I mean for surveillance purposes and/or the collection of meta information I imagine it will indeed be a success, anonymity, on the other hand, will be completely out the window. Not that it is not already all the same.
  7. p51d007

    p51d007 TS Evangelist Posts: 1,430   +742

    Oh don't worry...I'm almost 60, so by the time they do something like embedding chips, or barcodes on your skin or something like the 2011 movie "In Time"...I'll be long gone.
    People WILLINGLY give up their liberties, in the false name of security daily. Hell, take the TSA for example groping people before they get on an airliner, even though report after report shows the TSA in tests, FAILS constantly. But, people "feel" safer, so, don't be surprised in the next 30 years, you have a mandatory chip or barcode on you.
    andy06shake likes this.
  8. mbrowne5061

    mbrowne5061 TS Evangelist Posts: 886   +434

    I define it as "adopted by people willingly". If you make something mandatory, people resist. If you make it optional, they flock to it.

    Personally, if it was optional, I would probably get one and then never use it for anything other than financial transactions. I want my bank to know that it is definitely me before doing anything with my accounts, but beyond that I'll happily sit as 'some rando' for the rest of my online activities.

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...