According to customer identification manager LoginRadius, four out of five people dislike the tedious process of providing personal information for website registration. The Baynard Institute, a web research company based in the UK, reports that 35 percent of online shoppers abandon their shopping carts due to account creation requirements, while ITProPortal estimates that we will have over 200 digital accounts to manage by 2020.
This could be why American business magnate Bill Gates predicted the death of the password at the RSA Security conference in 2004: “There is no doubt over time, people are going to rely less on passwords. People use the same passwords on different systems, they write them down and they just don’t meet the challenge for anything you really want to secure.”
Social media account logins have become a popular alternative to online registrations. The process allows internet users to use a single-sign-on that leverages the existing information contained within platforms such as Facebook, Twitter or Google.
LoginRadius claims 93 percent of consumers prefer to use a social login over traditional email registration. Facebook took the lion’s share with 53 percent, while Google, Twitter and others made up the remaining 40 percent.
The benefits of a single-sign-on account are not limited to ease of use, as corporations also stand to gain an edge. We are living in an age that is referred to as an Attention Economy, in which human attention is treated as a scarce commodity.
As opposed to bombarding potential customers with irrelevant information, websites are now able to harness the information provided when a consumer uses a single-sign-on account. This information includes the user’s name, email, hometown, interests, activities and friends.
With personal insight into a customer’s online personality, corporations are now able to tailor content specifically to the user. However, this single-sign-on luxury can come at a price. Many of these single-sign-on processes are supported by a protocol called OAuth 2.0. In November 2016, three researchers from the Chinese University of Hong Kong published “Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0.” The researchers explored the incorrect usage of OAuth 2.0 by third-party app developers, which could be exploited remotely by hackers without the victim knowing.
600 top-ranked US and Chinese applications which use the OAuth 2.0 authentication service were subjected to the attack. “Our empirical results were alarming: on average 41.21% of these apps are vulnerable to this new attack,” states the paper.
“OAuth isn’t meant to do stuff like validate a user’s identity — that’s taken care of by an Authentication service. Authentication is when you validate a user’s identity (like asking for a username / password to log in), whereas authorization is when you check to see what permissions an existing user already has.”
- Randall Degges, Stormpath
However, OAuth 2.0 is only one piece of the security puzzle. In 2014, the National Health Service, based in the UK, concluded that their patient database system was susceptible to attack. In July 2015, 32 million users’ data was stolen from Ashley Madison, a website which enabled extramarital affairs. Last December, Google accounts were attacked by a new malware campaign called Gooligan.
Companies are trying to do their part to protect their customers’ information, but it is expensive. According to Ctrl-Shift, an audience-focused marketing solutions company, the costs of identity assurance processes in the United Kingdom exceed £3.3b a year. If this figure were to be extrapolated to the size of the United States population, it would equate to US $22b. This does not include the costs rendered for storage, protection, breach and regulation.
However, all is not lost. A team at the multinational professional service firm Deloitte have collaborated with the World Economic Forum in order to explain how digital identity systems can still drive maximum value, with security as a priority.
“We see blockchain and digital identity as living in symbiosis,” states Deloitte’s mandate for digital identity. “Digital identity is a critical enabler to broaden blockchain application. And blockchain appears to offer powerful capabilities to digital identity systems, such as unforgeable and publicly verifiable identity proofing via distributed ledger.”
Blockchains will be able to provide the convenience of single-sign-on, and allow that identity to be used across a multitude of organisations. This possibility first came to light in September 2016, when Evernym announced that it had donated the intellectual property for the Sovrin Identity Network to a newly formed nonprofit organization, The Sovrin Foundation.
“An Internet-Like identity system has been a long time coming, but I’m excited that recent developments in distributed computing have allowed truly self-sovereign identity systems to be realised.”
- Phillip J. Windley, Ph.D., Chair at Sovrin Foundation
The Sovrin Foundation recognises that as the internet continues to expand, there are more services available than ever before at people’s fingertips. “This silo-based approach, where users must maintain identities for every site they interact with has become untenable,” states the Sovrin whitepaper. “It is not just a usability disaster for individuals, it also creates a multitude of data honeypots for hackers - the breach of which compromises trust in all Internet services.”
The team at Sovrin are looking to harness the power of blockchain technology to consolidate the fragments of digital identity for internet users. In order to achieve this, three basic requirements need to be satisfied: security, meaning the identity must be protected from unauthorised disclosure; control, meaning the owner of the identity must be able to choose who can see and access their data and for what purpose; and portability, meaning the user must be given the option to use their identity at their own discretion and not be tied down to one single provider.
In order to achieve their goals, the team at Sovrin leverages the Hyperledger Project, an open source collaborative founded by American multinational technology company IBM. Hyperledger is managed by The Linux Foundation, and is working towards creating an open, standardized distributed framework. The project has attracted a great deal of attention from companies of all sizes looking to implement blockchain as a service (BaaS), and Sovrin is not the only digital identity initiative leveraging the power of the Hyperledger Project.
In December last year, Sphre announced its core product Air, a system for digital identity. Daren Seymour, Managing Director at Sphre, explained that the platform is designed to disrupt the current digital identity paradigm by placing the value of an individual's identity back in their own hands, whilst increasing their privacy and security.
“It occurred to me that suddenly we had a viable technology in blockchain that could solve the Digital Identity challenge for both enterprises and individuals, and further enhance the potential for privacy, societal and financial inclusiveness that currently elude billions of people. It may be a somewhat utopian view; but, I want us to build a fairer internet.”
- Daren Seymour, Sphre Managing Director
The Air platform consists of three key components: the Application Programming Interface, which will allow third party organisations and enterprises to integrate the support of Air; the mobile application, which will be able to securely maintain an individual's private key; and Chaincode, which is similar to a smart contract and will allow an individual to recover their identity if their mobile phone is lost.
The mobile application for end-consumers will harness the power of understanding Attention Economics in order to drive user adoption. This will be built upon the Air core system, which has already been prototyped. The final software requirements have also been completed for both core and end-consumer application.
For further development, Sphre will be conducting an Air Crowdsale which will take place from 19th of April 2017 to 29th of May 2017. The funds from the crowdsale will be used to complete product development and launch. The funds will be held in multi-signatory and released as the projects reach successful completion. Seymour states that there is one exception, as partner engagement to facilitate the crowdsale will be paid upon its completion.
In the future, Sphre is looking to build additional projects such as Eon, a health management system. “I am very excited about these products’ potentials to give control back to the individual in their target product sectors, and the enhanced benefits that potentially they could bring to the enterprise arena,” said Seymour.