When was the last time you used a digital device to, in some way, confirm your identity? If you’re like most consumers, it was probably today, when you logged into your email account, or tried to check the balance of your checking account. You might have even done it when you used a thumbprint to unlock your phone.
We’ve grown so accustomed to the process of using digital methods to confirm our identities that we barely give it much thought, but we’re currently embroiled in a pivotal crossroads of identity confirmation—and how it plays out will have a significant impact on our security, as well as how we live our lives.
The problem with the current state of ID security
Most of our current technology revolves around straightforward means of identification; most of your log-in options, for example, require you to conjure the username and passwords you’ve decided upon in the past.
For most systems, this is sufficient information to guarantee your identity. For more complex exchanges, such as proving that you’ve read and agree with a given document, there are more sophisticated technologies, such as software created by document signing companies.
But there are a few problems putting strain on our current systems:
- Increased demand. There’s been a sharp increase in demand for digital identification along multiple lines. For example, there are more systems that require positive user identification before allowing a user to proceed. More consumers have access to the internet than ever before, and those users are each relying on more ID-sensitive systems than ever before. This increases the scale of the problem enormously.
- Cybercrime potential. Best practices for choosing and changing passwords can help you stay protected, but the potential for digital fraud with today’s security practices is still high. All it takes is a misplaced note, a compromised email account, or a missed best practice, and someone can hijack your identity.
- Automation and scale. More companies are relying on automation to handle as many requests as possible, serving thousands to millions of customers at once, and minimizing the number of human interactions required to complete a request. This leads to a greater number of required authorizations and a greater number of digital steps to complete, each of which has the potential to be compromised.
We’re at a crossroads, and we need better systems of identification, so what can we do?
Option 1: multi-factor controls
One of the best options is one of the oldest on this list, and it’s relatively simple to execute: multi-factor authentication. The idea here, in case you aren’t familiar, is to use multiple different means of identification to positively ID a user; for example, you might log in with a username and password, but also need to enter a unique signature code sent only to your personal device, such as a smartphone.
It’s currently being used by many banks and financial institutions, and you’ve probably used it in the recent past. The biggest problem is the inconvenience; it takes extra time to verify your identity, which is annoying, and may require the use of a device you don’t have with you 100 percent of the time.
Option 2: cryptographic signatures
Cryptographic signatures are another new method used to verify a personal identity, and it offers more anonymity than multi-factor authentication. They’re frequently used in blockchain interactions, which are primarily used in cryptocurrency exchanges, and can reliably verify a user’s identity while still affording some measure of anonymous protection. The combined use of a public key and a private key ensures that each user in the transaction is who they say they are, and ensures that the transaction is recorded publicly in the distributed ledger.
The biggest problems with this approach are its technical complexity, since you need to generate a lengthy cryptographic hash, its susceptibility to fraudulent users (who could feasibly steal your identity), and the fact that its semi-anonymous basis makes it hard to tie a digital identity to a physical one.
Option 3: biometrics
Biometrics have gotten lots of press over the past few years, and for good reason. We’re entering an era where our thumbprints, facial structures, and even the shapes of our ears could feasibly be used to ID us, in an instant, with almost any digital device. It’s fast, convenient, and relatively secure, considering it’s hypothetically difficult—if not impossible—to perfectly replicate someone else’s appearance.
There are still problems to overcome here, however; biometric signatures can still be replicated with prosthetics or tech designed to fool biometric scanners, and there’s little protection if an accident or aging changes your physical characteristics beyond recognition.
Key obstacles to overcome
These aren’t the only options to consider, but they are some of the most prominent. Between them, and other options, these are the key obstacles that still need to be overcome:
- True uniqueness. Digital ID features need some signature that can’t be mistaken for someone else’s.
- Hack resistance. Your signature shouldn’t be easy to guess or easy to replicate; the tech itself should also be tamper-resistant.
- Simplicity and intuitiveness. At the same time, consumers need a technology that’s easy to navigate and fast to access. Nobody wants to spend several extra minutes on each interaction for the sake of security.
- Regulatory hurdles. Some digital ID technology needs to navigate complicated regulatory hurdles before it can be used by the masses; this can be a major holdup for both research and execution.
- Privacy. Users still expect some degree of privacy, especially with regard to biometric signatures.
The current state of digital identification is unacceptable, but there are many potential paths forward, all of which have strengths and weaknesses. The optimal solution will find a balance between usability, convenience, and true levels of security, but it’s unlikely that one solution will emerge to cover all three areas efficiently.
Instead, we’ll likely face an era with diverse means of digital identification, at least as a short-term solution until we come up with something better.