An effort has started to create an identity management platform that works just like those of the OTTs, but empowers the user rather than the provider, protects the user’s privacy and digital freedoms, and is based on an open, public standard.
Managing accounts, credentials and personal information on the Internet has become a nightmare. Almost every website today encourages users to register, or even requires them to do so to be able to access content. They usually want some combination of your email, a password, your name and date of birth. This information is always the same, yet you spend your time typing it again and again, then double checking it for mistakes and correcting typos before pressing Enter and being granted access.
And you often reuse the same password that you already used for countless other websites, because there are only so many passwords that you can remember – until you find a website with an annoying password policy that your ordinary password does not meet, and then you have to add a punctuation symbol, a Greek letter and a B flat note played on a horn.
Some people try to solve this by using password managers, such as the ones included in modern browsers – and then they have to remember and secure the password to their password manager, and there is no way to recover their accounts if they lose it; and if they end up using someone else’s device, or a PC in an Internet café, they cannot log in anywhere, as they do not know any of their passwords any more. So they will save their credentials on their mobile phone, which then gets stolen, putting all their online affairs at risk.
Today in the U.S. alone the average email address is associated with 130 accounts according to Digital Guardian’s recent research. Dashlane estimates the average number of accounts per user will be 207 in 2020.
So how can the 4.1 billion global Internet users maintain a secure and convenient login process when managing between 100 and 200 accounts?
A convenient option has been gaining ground: Internet-wide single sign-on services run by the big OTTs. There is such a need for a simple solution that almost all websites quickly started to let you “login with Google” or “login with Facebook”. Or with Twitter. Or with all of them: just pick one of a list of ten providers and use their credentials.
This is a step forward, since you only need to remember the passwords to your social network accounts, and use them everywhere else. However, it poses a huge risk to your privacy: do you really want an monopolistic conglomerate whose business is based on monetising user information to know all the places where you log into, track you as you move among these services, and exchange information on you with them?
This is why an effort has started to create an identity management platform that works just like those of the OTTs, but empowers the user rather than the provider, protects the user’s privacy and digital freedoms, and is based on an open, public standard that allows any number of parties to supply identities to users, making all these identities interoperable.