Randall Stross lets the cat out of the bag in today’s Digital Domain column in the NY Times. The internet’s identity infrastructure is based on the use of passwords– and passwords are broken. And OpenID doesn’t solve the problem because the problem of passwords isn’t solved, rather it is extended. The single sign-on that OpenID enables creates a single point of failure for the defense of personal identity. Are you willing to bet your life on a single shared secret?
Most of the current internet identity work has been done on low value information. The question is will the infrastructure we’re building extend to supporting high value information? At what point will medical, legal and financial information be part of the larger identity ecosystem? Do we really want a single, unified persistent internet identity, or will a two or three tiered system of identity and authentication be created:
- Low value: quasi-anonymous information
- Medium value: blogs, social media, sharable
- High value: medical, financial, legal
What’s the right number of internet identities? Robert W. Anderson suggests that I need an OpenID for each health provider, for exclusive use with that provider. By using different uncorrelated username/password combinations across high value information/transaction accounts I can create the strongest possible position within the shared secret authentication ecosystem. Microsoft’s HealthVault will be accepting OpenIDs as a Relying Party from high trust Identity Providers Verisign and TrustBearer. But even as we start to venture into the area of medical information, we haven’t left the shared secret behind.
Authentication artifacts or factors are generally described as:
- Something you know (shared secret)
- Something you have (security token)
- Something you are or do (biometrics)
- Location (not in two places at once)
- Time (limited allowable hours)
A new factor is emerging based on social networks– a lot of low-value validated social connections could add up to a very strong authentication factor. The relationship card is a similar idea that establishes the value of an identity by the relationships bound to it. Clearly there’s a tie in to Vendor Relationship Management here.
Multi-factor authentication will require more than a shared secret; the real question here is about the human factors. What do we know about human behavior and passwords? Here are the top ten passwords:
- (your first name)
I’m somewhat surprised that “swordfish” didn’t make the list. Passwords and the shared secret authentication ceremony are a high friction point for users of the Network. The easier it is for me to remember and use my password, in most cases, the less secure it is. Even though it’s possible with most authentication systems to create a highly secure password, if I can’t remember it, I can’t use it. We’re in the early stages of imagining and building new identity architectures. Information Cards have potential to move beyond the current ceremony while building on a the wallet and card metaphor– but adoption seems to reside on the other side of the event horizon.
Ultimately internet identity and authentication ceremonies will be a social, cultural and political challenge. Systems can be built and standards can be established, but getting humans to use them is another matter all together. Evangelizing new identity ceremonies will be as simple and complex as answering the question: what’s in it for me? The Internet Identity movement needs to start taking a hard look at the human factors of these new systems. Richard Thaler offers this mnemonic device to recall the most important six principles:
- Understanding Mappings
- Give feedback
- Expect Error
- Structure complex choices
The concept of Choice Architecture and the Nudge could play a large role in the success or failure of these systems. In the end, it will be humans who will either find value in these new identity architectures, or will, with a shrug of their shoulders, ask the community to please try again.