Sharing ideas with the world

Friday, March 30, 2012

Online Identity

3:09 PM Posted by Deepak Nayal

It seems that people who design security policies for online banking, trading, or similar services do not really know much about the human psyche. They want you to have a login password and a separate transaction password; these two should not be the same; and you need to change at least one of them every once in a while. And this is not just one account that you are managing. On average, a person might be managing more than fifteen online accounts, ranging from high-security banking ones to regular email ones (which, by the way, are no less important nowadays). Because of all this, people usually end up having common passwords for most of their accounts or end up writing them in some document - actually defeating the purpose of increased account security.

At the core of all these security mechanisms for various online services is a single common issue - identity. All this security is put in place to ensure that you are who you say you are. In the real world we establish identity using government documents such as a passport, driving license or ID card. In most countries there is a well-established system to identify residents; however, some people (read: criminals) still find ways of going around the system and forging identities. This problem of establishing identity is exacerbated in the online world, as "stealing documents" or forging identities is much easier when it is all about 0s and 1s.

Identity is, has been and for a long time will remain one of the biggest problems to solve in the online world. Lately social networks have taken it upon themselves to solve this problem. Facebook, Twitter, LinkedIn and Google provide other websites with mechanisms to authenticate and identify a user using security frameworks such as OAuth. However, these networks have their own motives for establishing themselves as the identity service of the net. While I am happy that I do not have to create a login ID for every website that I visit, I also do not want to share information about every article that I read with my friends and family. This is the primary reason that even if a website provides an option to log in using Facebook, I (and I am sure many others) choose to create a separate account.

Having said that, Facebook has taken the lead in the online identity race; however, this race has only just begun. While these social networks work just fine for establishing identity for basic websites, they won't hold up in areas where we need more robust solutions, such as banking, finance and medical records. For example, it is not uncommon for general users to create multiple or fake accounts on such networking sites. This discourages the use of such services for robust online identity management. I believe this is where governments can step in and help solve the online identity dilemma. Just as government [documents] establish your identity in the real world, in the online world the government can have an identity [web] service that proves your identity to a third-party website without actually sharing your credentials with it. Such a central service can prove to be useful not just for commercial but for other social purposes as well. This could enable you to open a bank account without actually visiting a branch (thanks to financial liberalization, maybe it is already happening!) or vote for your next prime minister from the comfort of your living room. This is one of those areas where a public-private partnership can really prove to be better than a 100% pure solution of either kind.

But even such a [government-backed] identity solution cannot be used for all online applications, and that is because one of the basic advantages of the online world is anonymity. Forcing people to identify themselves will discourage many from exploring different things, or from raising their voices for a cause or against oppression. The web will always remain divided into anonymous and identified users. While the latter are required for getting serious stuff done, the former are required for exploring the possibilities of the virtual world.
