With an increasing proportion of daily life being conducted online, maintaining a secure digital identity has never been more important.
Everything from banking and shopping to interacting with government departments requires that an individual be able to reliably prove who they are in a digital environment. Any failure to do so becomes a massive roadblock.
Thankfully, consumers are becoming aware of the importance of their digital IDs and the steps they need to take to protect them. Interestingly, recent research conducted by Ping Identity found 81 per cent of respondents would stop engaging with a brand after a data breach which could have compromised their IDs.
When the Cambridge Analytica scandal became public, many users fled Facebook afraid for the safety of their personal details and how they might be used. In late 2020, when WhatsApp updated its terms to share more data with Facebook, millions of users left.
The importance of privacy
Privacy is clearly no longer negotiable which, in turn, raises some issues. The issues are not just for those who are legally bound to protect privacy but also for those at most at risk of losing it.
A challenge arises because, despite its central role in an online world, digital identity is broken. Fundamental changes are required to ensure that it remains secure and usable in the future.
This current model of digital identity goes something like this. Users authenticate to an identity provider and are then passed on to a service provider. However, this model leaves next to no control for the user over their own identity, and this is the key reason why the current model of digital identity is broken.
A better approach involves the identity provider and the user switching places. In this model, identity providers would give individuals a digital identity through which all important records of the relationship and various transactions could be kept and stored in a secure identity wallet.
This wallet can be protected behind powerful biometric authentication, and filled with pre-validated identity claims. It could also be stored somewhere convenient, such as on a mobile phone.
Users would then be able to pick and choose which parts of their personal data to share rather than having to hand over everything as is currently often the case. Also, enterprises would then be able to verify those identifiers quickly through cryptography and provide a better customer experience.
This system would not only increase user privacy and control but also would remove friction as these data exchanges can take place without requiring separate consent to be shared with other third parties to provide the data on behalf of the user.
Decentralised digital identity
This new approach is sometimes referred to as decentralised or self-sovereign identity, and it represents a radical shift in the power dynamic between service providers, identity providers, and users.
Encouragingly, it’s not just a pipe dream either. In early 2020, research company Gartner proposed that decentralised identity and the current increasing interest in protecting privacy and data ownership will be transformational. Gartner says there is a reasonable indication that the winners in the next decade will be those that figure out the new formulas for adopting a system of decentralised identity.
The bottom line is that decentralised identity put users in control of their own identities. It significantly reduces the level of risk associated with large-scale data breaches and releases businesses from the burden of storing personal information. It also makes compliance with regulations much easier to achieve.
A system of decentralised identity would ensure that high levels of consumer trust are maintained over the long term. With more and more interactions being conducted digitally, having this trust in place has never been more important.
Ashley Diffey is the head of APAC and Japan at Ping Identity.