The Future of Digital Identity Evening took place on 19 September, at The Ivy Soho. It was held in partnership with ForgeRock and Amido, with the aim of exploring identity management in a changing world.
IoT
ForgeRock transforms how businesses build trusted relationships with people, services and things through digital identity management.
Amido is a technical consultancy that specialises in implementing cloud-first solutions, helping their clients build resilience at scale and flexibility for the future.
In 2017, Sadiq Khan announced his ambitions of making London the leading city in smart technology. Innovations like sensors that can monitor air quality, or attach to cars to monitor congestion, are a few examples of what Londoners can look forward to.
IoT will support the development of smart cities by allowing for more devices to be connected. As this happens, citizens can expect higher levels of efficiency in the day to day management of their cities. IoT can also help facilitate easier interactions at home, allowing users to turn on their devices from their phone, anywhere they may be.
But with each new connected device, comes another digital identity, which stores information on how we use and interact with the device. The more devices we use, the more data we give away, and the more complex the identity matrix becomes.
Recently, with the increase in data hacks and rise of targeted ads by malicious actors, consumers have become increasingly more hesitant to share their data. But without sharing their data, they risk missing out on getting more personalised experiences, and simpler modes of accessing services they use.
Security and Identity
This would be a classic Catch-22 situation, if not for a practical solution that can and should be achieved in the not too distant future.
In order to make users feel more comfortable sharing their data, they need to be sure their information is being stored securely. Whilst it may sound counter-intuitive, moving to a world without physical passwords can help ensure data is better protected.
Consumers often don’t realise the importance of choosing a strong password and, when they do, it can be difficult to remember all the special characters and numerics that are required in a “strong” password. Passwords are frequently more likely to keep out forgetful users than they are hackers.
One way to augment passwords’ security (and in some cases, bypass it) is multi-factor authentication (MFA). Apps, like Gmail, already incorporate MFA in the context of having to include a code that is sent to another device before being able to log on.
While this is a step in the right direction, it’s not always an ideal solution. For example, one member reported that when they travelled to the United States, they were unable to access their work email as the necessary code was sent to their UK number which they could not access.
Passwords, too, are frail: they are frequently unnecessary, and fall back on sending fresh passwords to email, which becomes the de-facto one point of access to a user’s account ecosystem. An ideal future would remove the need of passwords altogether, and would surely involve biometrics.
Biometrics can already be seen in smartphones with devices unlocking with a finger tip or facial scan. Securing information in ways that are specific to the individual will reduce the likelihood of identity theft and data hacks.
Identity and Discomfort
Whilst biometric MFA will allow users to be more secure in the future, it can still feel extremely invasive. A cultural shift needs to take place with both citizens and government officials, to ensure users are in control of their data and feel that they understand it and are aware of who has it.
Sharing more data will benefit both businesses and consumers as it will allow providers to give their users exactly what they want. Moving away from passwords and relying solely on biometrics MFA can help assure users their data is being properly secured so they feel more comfortable sharing it.
Using this type of logging-in system would reduce the risk of middleman attacks as it allows for users to have a more complete digital identity with specific characteristics and behaviours. Deviations from this would allow organisations to detect things like identity theft.
For example, a user who has a tendency to type slowly and softly when logging onto their online bank account, who then suddenly types quickly and aggressively during the next online interaction could alert officials to fraud.
Explanations on what MFA is and what it can be used for should be given to users in an easy to understand way, without complicated tech jargon. Logging on should be as easy as possible and users need to be aware of the multiple options they have available to them.
As technology becomes more connected, users should feel more comfortable sharing their information so that they can reap the full benefits of a future driven by innovation.