Most large internet service companies today have introduced 2-factor authentication. Two-factor authentication is based on the principle that the user has 2 of the 3 identifying factors. The first is something that only the user knows, like the password. The second is something that belongs to the user. It could be their email address or phone number. And lastly, something that is unique to the users, such as their biometrics.
On social media, to access your account, it’s not just enough to know your password. You would also need access to your phone, where a verification code could be sent via SMS. For even more sensitive services like banking, biometric verification is used. Biometrics could be in the form of digital fingerprint scanning or facial recognition.
In either case, both the physical and virtual worlds are being used to verify your identity. It reduces the chances of hacking to a great extent.
Physical document verification technology is used in the car rental and credit industries. That is the other method of identity verification. Physical documents are uploaded in digital form to an internet service.
You can read interesting details on document verification in the technology section at Au10tix. In brief, the first step is to determine the type of document. Second, the originality of the document needs to be checked for forgery or graphic editing software. And third, whether the document belongs to the individual who has uploaded it.
These modern systems are now found everywhere, but where did they all come from?
Digital Identity vs. Physical Identity
Traditional paper documents like passports or driving licenses are quite straightforward. The institution or government that has issued these documents acts as the guarantor. They guarantee the validity of these documents. While they are fine in the physical world, they can be difficult to use in the digital world. And until recently, there was no way to tell whether the documents uploaded to a system were real or fake. The documents were vulnerable to data theft as well.
Digital identity verification goes back to the 1950s. Back then, nobody dreamed of owning a personal computer since the average computer was the size of a living room. And they cost millions of dollars, requiring dozens of people to operate. However, back then, data protection wasn’t as big of an issue as it is today. Operators used something called “punch cards.” These punch cards contained the computer program. The cards remained with the operator at all times. It was, therefore, physically hackproof.
Fernando Corbato, a student from MIT, was not entirely satisfied with this system. Computers back then could only handle one user at a time. And the university students had to wait hours for their turn. Over five years, Corbato designed a system that would let multiple people use the same computer at any given time. And to separate each user’s data from the other, he came up with the system of usernames and passwords.
The Problem With Passwords
Usernames and passwords can be guessed through a technique called brute force hacking. The hacker keeps submitting different passwords over and over again. Eventually, they get it right. To combat this, websites limit the number of login attempts. Some of them use captcha as well.
The other issue with passwords is that they are anonymous. There is no way to prove that the password belongs to you. Imagine your driving license having no identifiable information. No name, photo, age, or address. If it is lost, there is no way to prove that it belongs to you, and anyone could use it. That is the issue with passwords. Once they are stolen, it is impossible to prove that the password belongs to you.
Social Network Logins
Since the early 2010s, Facebook, Twitter, and Google have let users log into multiple third-party online services. Your Facebook account starts functioning as an online id. The benefit of this system is that you don’t need to remember multiple passwords. It is also easy for the service provider to verify that you are the account’s true owner. The disadvantage is that you are compromising your privacy. Your data can be monetized, thanks to the economics of targeted advertising.
Having read about digital identity, here is something you can do right now. Go to haveibeenpawned.com and search for your email ID. Next, go into your Google account and look at the personal data section. All your identifiable data is stored here. Go ahead and try these. You might find something interesting.