How Covid-19 taught me that we need federated online identities

digital-identity

Back in 1993, the New Yorker printed a cartoon that went viral: ‘On the Internet, nobody knows you’re a dog’. Thirty years later, it’s not so funny that we still struggle to work out who is who online. Helene Panzarino explains why we now really need a secure, reliable and efficient way to verify online identities.

It was while helping a relative struggle through multiple online portals – from the state, from local government, from financial institutions, from existing and potential future lenders – that it struck me how inefficient, time consuming, and indeed actively dangerous the ways we verify identity online can be.

It can take days to verify an online identity for an emergency loan. That could mean the difference between a business surviving and failing. Scaled-up, it could mean the difference between a more-resilient economy and tens or hundreds of people added to the unemployment line.

Knowing me, knowing you – the problem of multiple online identities

We might not want to shop or bank online, but all of us need to be able to interact digitally with the public sector. This could be for filing and paying tax online, to apply for government benefits, or when registering to book medical appointments.

Unfortunately, all of those essential services in the UK require separate online identities and all have their own verification processes – some of them lengthy. And those accounts and identities can interact online in confusing ways.

In the private sector, things might be faster but the situation is arguably riskier. Here, end users are expected to keep track of an ever-expanding multitude of separate online identities. That makes it tempting to use a single, ‘multiuse’ password. But less secure passwords can compromise vast amounts of personal information.

Dogged by lack of privacy

But the plethora of passwords and logins may be the least of our problems.

How we are required to verify our identities can expose reams of personal data to potentially unscrupulous businesses.

And the reality is that many firms specialise in using or selling online personal data, sometimes with only the weakest effort at anonymisation. That risks our financial security and our privacy.

Then, when breaches (perhaps inevitably) occur, end users are often blamed. Why did we not check every box on every service for multi-factor authentication?

But consumers can’t be expected to dedicate hours of their time to cataloguing and securing their digital selves. The clunky technology is the problem.

Federated digital identities (FDIs) are the solution

Federated Digital Identities – long mooted, now finally on the road to widespread adoption – remove the need for endless signing-in and signing-out, and manage the security and privacy risks of having endless user accounts.

This is how FDIs work:

  • FDIs support ‘single sign on’ (SSO) logins. Multiple services can be accessed with the same account information and often with just one log-in. Think of my medical practitioner automatically signing me in because I had logged into a government account earlier in the session
  • There is one caveat to SSO: You need to choose wisely where you store and access credentials
  • Federated digital identities hold the information that verifies our identity in just one place. When we sign up or into a new platform – whether a bank account, a government service, a payment processor or a job application site – the federated ID provider (IdP) tells that service that we are who we say we are. That confirmation is the only data provided, which protects both our wider data and our privacy.

Ready to learn more about the future of digital identity online?

In the latest webinar from our Centre for Digital Banking and Finance, we will be joined by Dave Birch, renowned author and commentator on digital identity in financial services, and Gareth Narinesingh from digital identity platform Yoti in a frank and open discussion.

Dave and Gareth will share their views on the future role of digital identity in:

  • supporting the economy
  • improving access to financial services
  • and protecting consumers and businesses alike from online fraud.

They’ll discuss key opportunities, challenges and risks and what the role of the financial sector, policy makers and technology providers should be in supporting the development of robust national digital identity systems.

Find out more

Related content