By Geoff Webb, director, solution strategy, NetIQ
Five thousand years ago the Minoans used carved ivory seals to mark everything from bundles of documents to the contents of packages. Elaborately carved, the seals provided some confidence that whatever lay within the seal was the genuine article – what it claimed to be.
Today however, we face an increasingly thorny problem – proving that we are who we claim to be. This is especially difficult as more and more of our lives move online – in many ways our identity on the internet has become what defines us.
Yet every time we establish a new connection with some online resource or new website, we face the same tedious process of recreating a new identity – an account with that site, a new username and password to remember for next time we visit. And if the next time we visit is in six months or a year, remembering that username and password can be a real problem – for us and the site we are visiting.
As a result, for many the “forgotten password” button has become a regular part of the process of logging into websites. This is not surprising when studies have revealed that the average 25-34 year old possesses a mammoth 40 online accounts. Remembering a separate username and password for each one is not a viable approach, so most users reuse the same details for multiple sites, bringing about clear security vulnerabilities.
But is there a solution? Perhaps a more pragmatic approach would be for each user to work with one standardised online identity, giving individuals the opportunity to connect to sites quickly and efficiently. A single, consistent identity that, like the Minoan seal, says that we are who or what we claim to be.
Welcome to the era of social identity.
The number of social networks that are in use today is large and growing – from Facebook to LinkedIn, Twitter to YouTube – and they all have allowed internet users to create online “social identities.” And in addition to enabling interaction with friends, family and colleagues, these social networks are increasingly being used to form the central hub in a network of interactions with other sites, services, and companies. So rather than having to create a new account – or identity – when we want to use a website or online service, more and more of us are able to simply use our social identity to connect. The already ubiquitous Facebook or Twitter logo is popping up in more and more places as the default method of connection.
And the social identity providers aren’t blind to this either. For them, the opportunity to become the definitive source of identification for online interaction is very tempting indeed. Think Google is big? Imagine the possibilities for a business that becomes the single source of authentication in online interaction, from the way customers access their bank to the way one business exchanges information with another.
Of course, the benefits to both users and businesses are also potentially significant. Firstly, using just one social identity would eliminate the need to remember or reset multiple usernames and passwords. This in itself would make the online experience much more straightforward for users, and this convenience would also benefit organisations as consumers would be more inclined to carry out a process, such as a tax return, online if they did not need to remember or look up login details last used one year ago.
In addition it will be possible for businesses to target consumers with marketing and advertising based on their social identity and interests as opposed to the current “hit-and-miss” approach. It is no surprise that Gartner has predicted that half of retail logins will be made through social networks by 2015[i].
Not everyone, however, looks forward to a more “identity-centric” web experience. Inevitably concerns about personal data being used in such a way have been raised – who will have access to my social identity, and what can they see? Moreover, using social identity alone as a way to interact with sensitive data such as healthcare information or online banking is a long way off. Rather, we should expect to see social identity forming a “lowest common denominator” of authentication with a series of increasingly secure “step-ups” being used to control access to sensitive services.
However it happens, it is all but inevitable that social media will become a regular means of communication, if for no other reason than individuals increasingly choosing to define themselves in terms of their social identity.
As a result it will be equally necessary for businesses and government services to adapt in line with these changes and enable social access. Organisations must welcome the age of social identity or be left behind.