Join the Community

22,253
Expert opinions
44,223
Total members
408
New members (last 30 days)
201
New opinions (last 30 days)
28,760
Total comments

The flaws of common ID?

I too would prefer to have a single common method of identifying myself online: a single common avatar that I use across all sites, with a single common (complex and strong) method of authenticating myself.

But as the editor of a UK technology magazine has just discovered (@bazzacollins), illicit access through that common identifier can have widespread consequences.

He was trialling Hotmail for two weeks rather than GMail. Unfortunately, his account got broken in to and spam mail started flooding out. OK, embarrassing but nothing more than that, surely?

Well, Microsoft use a single sign on system (a form of federated identity) across more and more of their products (your Windows Live ID). So gaining access to Hotmail potentially opened up everything else. With Windows now requiring you to sign in using your Live ID, everything on your PC could potentially be at risk.

We see this federated identify principle spreading across the web - how many sites can you now sign in to using your Facebook ID, your Google ID, your Twitter handle and more?

If a bank or payment service wanted to allow you to use a federated ID, which would they pick, which would they trust, and as importantly, which would you trust? Are federated identity services secure enough yet for controlling access to your banking relationships? What else can be done for you to prove that it is really you?

Unfortunately there is a balance to be made between security and usability. As we go more and more mobile, how many of us want to be carrying around multiple methods of identification (from printed code grids, to one-time passcode tokens)? We could start using other methods of supplementing authentication - for example using our physical location to enhance a cardholder present transaction, but what other options are there?

I'm not sure we're set for a true common identity yet, ideal as it may be. Then there's the issue of who looks after all that data, and who can get access to it - and that could be an entire post in itself.

External

This content is provided by an external author without editing by Finextra. It expresses the views and opinions of the author.

Join the Community

22,253
Expert opinions
44,223
Total members
408
New members (last 30 days)
201
New opinions (last 30 days)
28,760
Total comments

Now Hiring