Despite the enormous advances in the digital space in recent years, the one element that remains stubbornly resistant to change is the use of passwords to authenticate users. Passwords have been identified as a major security risk by countless cybersecurity experts, and have proven to be a real pain for users.
The problem with passwords
The traditional password-based login is an insecure approach to digital interaction, creating headaches for users who have to remember an ever-increasing number of logins and passwords for all their digital accounts. They are also a huge vulnerability, often being the point of entry for hackers and unscrupulous cyber users.
To add to the complexity of the issue, new data privacy laws and regulations have created a mess of cumbersome customer experiences that are costly, inefficient, and not user-friendly. Though there has been some progress, with two factor authentication becoming more wide-spread, it is still a less-than-ideal solution that doesn’t address our underlying dependency on digital passwords.
Third-parties hold our data
Today, our valuable digital identities are managed by some kind of central authority or intermediary. For example, you still have to log on to a bank’s website to access their own account. Your account information is protected by a user login and password. The bank will not allow you to log in with third-party credentials, like say your Google or Facebook account. You need a separate set of digital credentials to use your social media accounts. In fact, you need a separate set of digital credentials for every company you have an account with.
While this does keep your data secure by preventing the creation of a single point of failure, for the end user, it is a major hassle to manage. Not only that, but the end user has very little say in how their data is stored, handled or accessed.
How Blockchain can create a password-free future
Blockchain technology might provide an effective alternative authentication alternative.
What Blockchain offers is a fundamental shift in the way we approach user identification. Its decentralised approach to data means the user will have exclusive control over their data, free from the prying eyes of any third party. Blockchain experts assert that crypto technology, as evidenced by applications like Bitcoin, could be applied to digital credentials to create a similarly secure and decentralised user identification system.
In this future, there would simply be no need for companies and organisations to maintain centralised databases of user information. Users would own100% of their data, free use it as they see fit. That means the user would have a digital ID that is completely unique to them. A single ID that could be used across any number of platforms and systems.
Such a self-sovereign identity system would rely on public-key cryptography, the same kind that Blockchain networks already use to validate transactions. The technology isn’t exactly new. The concept has been around for decades, but the technology has been difficult to implement for consumer-level applications.
The challenge lies in making public-key cryptography more practical. Public-key cryptography is a security method that relies on a pair of digital keys to authenticate users and verify transactions. One key is public and one is private. Only when both are used together can any transaction be conducted.
Taking a cue from the success of Bitcoin
To see the method in action, let’s take the case of how Bitcoin works. Bitcoin users are represented on a Blockchain by strings of code called addresses. These addresses are basically their public keys. Bitcoins are held in digital wallets, apps designed to hold and exchange Bitcoins. These wallets are essentially management systems for private keys. But just like a real wallet, we can extend their functionality to hold digital credentials as well. These credentials serve as proof of identification. A user can simply use the wallet app on their smartphone or computer to access their credentials at any time.
This kind of ‘universal’ ID can reinvent the way we log in to any app or service.
The massive popularity of cryptocurrencies has suddenly made the technology very attractive and lucrative for developers. Any company or organisation that successfully commercialises the technology stands to make tremendous profits by creating a viable customer-friendly Blockchain ID solution.
Development is already underway
The idea is spreading quickly, with governments already taking an interest in the technology. The city of Zug in Switzerland, for example, has already launched a Blockchain-based pilot project to provide self-sovereign digital IDs to its citizens. Similar projects are already underway by government bodies in Brazil and the US.
But the biggest question still remains: will the average consumer embrace such a system? This is where user experience and design considerations come in. The entire experience will need to be simple, intuitive and convenient that provides a much better user experience than traditional username and password-based portals. From a technological standpoint, we are almost there, but the real challenge lies in design, presentation, ethics, ease of use and convenience. These are major barriers to overcome and could prove to be the downfall of digital IDs if not addressed properly.
But thanks to Bitcoin and cryptocurrencies making the headlines, there is a lot of awareness about the potential of Blockchain technology, and it is only a matter of time before we start to see more and more diverse applications of the technology, including in our daily digital experience.