Taking back control of our digital identities
Who will be the custodians of our personal data?
Our lives have become almost entirely dependent on digital processes, which has necessitated the creation of multiple digital identities. We should feel safe in the knowledge that our online accounts are being managed in ways that respect our personal data and keep it firmly out of the hands of malicious third parties.
But just last year, it was reported that over a billion people were affected by data breaches, while Hiscox estimates that a small business in the UK is successfully hacked every 19 seconds. It’s also no secret that many of the companies responsible for our personal data are mining it for their own benefit. It’s obvious that we’ve lost control of our personal identities and data. So, how did we end up in this situation and how can we take back control?
Moving beyond passwords
The issue is that the way we access our digital identities has barely changed since they were created in the first place - with a simple username and password. Many of us are guilty of using the same passwords for multiple accounts and keeping these for years. These credentials are often combined with personal information, from birthdays to a first pet’s name, which is all too easily compromised.
Massive collections of online credentials have already been discovered, with the latest containing 2.2 billion usernames and passwords. These are specifically created to assist hackers in launching credential stuffing attacks to access accounts that use the same login details. API vulnerabilities have also brought a whole new host of security concerns. All in all, it’s clear that the conventional username and password authentication process is too simplistic to effectively secure our data in an age where digital processes have evolved and we face sophisticated cyber attacks.
One practical solution is to bolster traditional access management with multi-factor authentication (MFA), which integrates and identifies contextual factors such as IP addresses, geolocation, and device identification. This adds an additional layer of security to the authentication process, significantly decreasing the risk of a breach, and we’re seeing more organisations implement these policies. Our 2019 Businesses @ Work report revealed that 70% of Okta customers use 2-4 different factors for authentication.
Another method of authentication in development is biometrics. The technology is already used by airports with face recognition software, and other industries are looking into the opportunities it offers. However, security concerns continue to hamper its growth. People are increasingly aware of the sensitivity of biometrics, with fears growing about how companies and government bodies could exploit it. In January, Facebook even had to deny that it was using the viral social media tag ‘#10yearchallenge’ to harvest biometric data. Meanwhile, in the context of banking, 45 per cent of UK consumers remain concerned that criminals could mimic their biometric data.
The case for blockchain
The truth is that none of us can truly own our online identities, as they are operated by a separate entity, one which is always vulnerable to attack. But blockchain technologies are emerging to help mitigate risk. Blockchain is built to ensure data exchanges cannot be erased or adapted without leaving a record, making it very difficult to hack. It is also excellent at controlling information and avoiding duplication, which is key in an area with such serious consequences.
And while this idea of self-sovereign identities in the blockchain is promising, there’s still a lot to figure out to make it a workable backbone for identity management. For example, the system will need regulation and management, public and private sector collaboration, and a willingness for a monumental shift in processes.
There’s too much at stake when it comes to our online identities and we must start taking action – as consumers, as technology companies, and as a global community. We should carefully consider who we allow to be the custodians of our personal data, and invest in the technologies which have the power to protect it.
Jesper Frederiksen, VP and General Manager at Okta