Are your digital IDs secure?
While we are all individual people, we have multiple identities depending on the situations we find ourselves in. We present different images of ourselves to our family, friends, colleagues, bosses, the barista in the local coffee shop, and so on. We do the same in the digital world and so identification and authentication are needed to create trust in any online transaction. But are these IDs secure? Here, I explore why digital IDs are becoming more prominent in our ‘always-on’ society and some of the technologies being rolled out to keep our identities safe online.
Managing online personas in the connected era
A decade ago, managing digital IDs was very simple. Typically, employees would have access to a single device – a desktop – which would be managed by their employer. Today however, we find ourselves in the mobile era; and there’s been an explosion in the number of devices we each own – 3.64 per person, according to GWI. As the number of online and mobile services has increased, so too has the number of digital IDs we have to create for ourselves – something that must be reduced if our online personas are to be better managed by businesses and public authorities.
Keeping digital IDs secure
At the same time, cyber-attacks are becoming more sophisticated, with citizens more at risk of fraud and stolen identity than ever before. Take Yahoo’s recent disclosure that state-sponsored hackers stole information about 500 million of its users. It could be the largest publicly disclosed cyber-breach in history. Protecting individuals’ details online is therefore top of the agenda for security professionals, with new technologies continually being rolled out as a result.
The ways in which we can be identified and authenticated online can be summarised by three factors:
- Something you have – a token, phone, passport or smartcard - At Atos, we make use of smartcards to keep physical access, as well as digital access to messages, workflows and apps secure. Each one of our 100,000 employees uses one to enter buildings, make payments in our canteens, encrypt messages, sign contracts, access apps, and so on.
- Something you know – a password or PIN code - The only thing that makes a password secure is its secrecy, and once it is exposed to another person,it can very easily be stolen.
- Something you are (biometrics) – a fingerprint, iris or retina Biometric identification is becoming all the more prominent as it is easy to use and difficult to ‘steal’ or copy a fingerprint, iris or retina; as long as the system has been well designed.
The level of detail and type of authentication required will depend on each individual use case, and how secure access to the service must be. For a standard international passport for instance, a lot of personally identifiable information is required – both in print and electronic form. And for something like the Accreditation system built and managed by Atos at Rio, it has the same high levels of security as systems used to process applications for passports and visas. The Accreditation represents a critical element in the security of the Games. Each one of the 300,000 accreditations issued to the world's media, athletes, sports officials and sponsors at the Games bore the name and photo of the individual, plus a security bar code and acted as an electronic badge, identifying the holder and defining their access rights.
The future of digital IDs
Looking at how different countries are continuing to develop their digital IDs and increase security reveals some surprising differences. The European Union is aiming to provide means of electronic identification (eID) and trusted services, which will be key to ensuring secure, cross-border digital transactions and central building blocks of the Digital Single Market.
In the US, private enterprises are aiming to define biometric standards, with new features (both physiological and behavioural) being tested. One company that’s leading the charge here is Apple, which introduced its Touch ID feature to its iPhone 5s in 2013. It will now be interesting to see how these developments impact interactions between businesses, citizens and public authorities across the globe, and how different digital IDs will evolve.