You change your mobile phone and there they are: all the apps asking for your login credentials again, a seemingly eternal loop of “forgot your password?”. And who has not faced the impossible mission of trying to access a website from another device? These are situations you are sure to recognize.
But I wish that were the problem. On average, each person has more than 20 usernames and passwords, and at the moment there is no reliable method to store this sensitive information safely. Because of this, most people make mistakes, such as using the same combination for all their accounts. Or, even worse, following a similar pattern and adding the name of the site, as in “Pepe2020Facebook”. Thus, one mistake becomes the master key to absolutely everything related to an individual.
As a result of the increase in attacks and leaks, it is becoming increasingly common to be able to find the password a user has associated with a breached site and, therefore, to access it. In this context, it is recommended to check whether you have been the victim of any leaks, on sites such as haveibeenpwned.com. Above all, because anyone who has access to this information, whether from an email account, social network or e-commerce site, can escalate their control over these digital assets.
But beyond solving these credential issues, the real problem is our inability to validate our identity unambiguously. And, unfortunately, there are no big companies dealing with the issue. What do I mean? No one is verifying whether you really are the one performing a given action. Examples? Hundreds. From Sharon Stone to politicians who share fake news. Therefore, the root of the problem is not passwords. From my point of view and experience, this can only be resolved by the government agencies responsible for identities in each country, or by large business groups, which can also make their contribution to improving the user experience on digital channels.
Afraid? Or thinking something like “how lucky that I don't have social media”? It doesn't matter: in both cases we should create our profiles and presence, simply so that someone else does not create them. Several friends made this wise decision and I welcome it, because in the near future this simple action can save them a big headache. But, above all, don't forget to enable the second factor of authentication or associate your mobile number with this new account, as it is currently the only way to regain access if you lose it to an attacker.
But, of course, never share your password: it is almost impossible to demonstrate that for years it was you in the online world and that, for a period, it was your partner, friend or co-worker. That is not easy to recover from.
Is there a solution? It will surely come from the creation of third-party agents that take on the role of identity verifiers and maintain a score associated with factors such as the level of fraud or failure associated with validated users. For example, in this way, a digital bank could verify the identity of a person who is opening a new account by asking them to visit a local branch. Or this institution could agree with the government that you can enter your tax username and password, to link them and at the same time cross-check the information. And how about it being peer-to-peer? Sebastian verifies that Pepe really is who he says he is and, as a result, he would earn miles or a percentage discount.
Undoubtedly, positive identity verification and proof of life will evolve beyond mobile devices, will not rely on a single organization, and will be completely user-centric, because the new way to operate is safe and frictionless.