Solutions Review’s Expert Insights Series is a collection of contributed articles written by industry experts in enterprise software categories. Dr. Mohamed Lazzouni of Aware centers a discussion around decentralized identity and the future of authentication solutions.
There is an increasing trend, particularly in industries like crypto, of moving towards a decentralized identity model. Yet the distinction between centralized and decentralized identity can be hard to pin down. At the highest level, a decentralized identity model challenges the idea that a third party is required to hold and manage the sensitive data used in authentication. Here we offer simple explanations of each term, along with thoughts on the future use of these approaches.
Decentralized Identity: The Way Forward
What is Meant by “Centralized Identity”
Centralized identity means people's credentials, passwords or biometric templates for example, are collected and stored in one central database operated by the service provider. This traditional approach has numerous shortcomings, the biggest liability being, of course, that a central database can be breached and every record compromised at once. A leaked password database can at least be recovered from by forcing resets; a leaked biometric template cannot be reissued, because a person's fingerprints or face cannot be changed. This is why some organizations are wary of collecting biometrics at all. The other issue is that organizations that own these central databases may not always handle the information in alignment with users' wishes.
What is Meant by “Decentralized Identity”
Decentralized identity, by contrast, means there is no central authority holding everyone's credentials, and no central authority needs to be consulted to verify a person. The user's credentials and keys live in a wallet under the user's control, typically on their own device. A trusted issuer verifies the person's identity once and hands them a signed credential; from then on the user presents that credential, or simply proves control of their identifier, directly to each service provider. What is shared is an identity trust fabric (ITF), which may be a blockchain or another verifiable data registry. Its role is narrow: it anchors identifiers together with the public keys and revocation data needed to check signatures. It does not sit between the user and their service providers, and it should hold no personal data, since anything written to a public ledger is effectively permanent. The security of the model therefore rests on digital signatures and on the user keeping the private key safe, not on any secret the ITF stores.
The Role of DIDs
The idea of a person's data being written to an immutable ITF or blockchain might sound risky, and it would be. This is where decentralized identifiers, or DIDs, come in: what is anchored is not the person's data but an identifier, and the identifier resolves to a DID document containing public keys (and optionally service endpoints), nothing more. Authenticating then means proving control of the matching private key, usually by signing a fresh challenge from the service. Compare this with the alternatives. Many digital services still rely on password logins, but passwords are routinely lost, guessed, phished, or leaked from the very central databases described above. Multi-factor authentication schemes raise the bar, but the common implementations add friction that reduces adoption and productivity: you enter your password, then scramble for your phone to receive and type in a one-time code sent by text, and that code can itself be phished or intercepted. A DID-based login replaces the shared secret with a signature that is valid only for one challenge and one service, so there is nothing reusable for an attacker to capture and nothing credential-like to leak from a server.
There are multiple ways to protect the private key behind a DID, and biometrics are one notable example. The point is not that fingerprints, voiceprints, or faces cannot be spoofed (presentation attacks exist, which is why liveness detection matters) but that the biometric match happens on the user's device and does nothing more than unlock a key stored there. The service never receives the biometric itself. When a DID is unlocked this way, the individual can authenticate without revealing their name or any other identifying information; the verifier learns only that whoever controls this identifier's key is present.
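The login flow the two paragraphs above describe, written out in Go as an added example (it is not code from the article or from Aware). The identity trust fabric is modelled as an in-memory registry that anchors nothing but DID to public key; the `did:example` method name, the origin string, the message layout and the nonce store are illustrative choices, and in a real deployment the private key would live in the device's secure hardware and be released only after the on-device biometric match.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Registry stands in for the identity trust fabric (ledger or other verifiable data
// registry). It maps a DID to the public key from its DID document and nothing else:
// no names, no biometrics, no passwords. "did:example" is a placeholder method name.
type Registry struct{ docs map[string]ed25519.PublicKey }

func NewRegistry() *Registry { return &Registry{docs: map[string]ed25519.PublicKey{}} }

// Anchor derives a DID from a hash of the key and publishes the key under it. This is
// the one-time enrolment step; the private key stays on the holder's device.
func (r *Registry) Anchor(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	did := fmt.Sprintf("did:example:%x", sum[:16])
	r.docs[did] = pub
	return did
}

func (r *Registry) Resolve(did string) (ed25519.PublicKey, error) {
	pub, ok := r.docs[did]
	if !ok {
		return nil, errors.New("unknown DID")
	}
	return pub, nil
}

// Verifier (the service) keeps only its outstanding nonces: no user table, no stored credentials.
type Verifier struct {
	Origin   string // illustrative audience string bound into every challenge
	Registry *Registry
	nonces   map[string]bool // issued and not yet consumed
}

func (v *Verifier) Challenge() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	if v.nonces == nil {
		v.nonces = map[string]bool{}
	}
	n := fmt.Sprintf("%x", b)
	v.nonces[n] = true
	return n, nil
}

// Binding nonce, DID and origin into the signed bytes means a signature harvested by
// a look-alike site cannot be replayed against the real one.
func challengeMessage(origin, did, nonce string) []byte {
	return []byte("did-auth\n" + origin + "\n" + did + "\n" + nonce)
}

type Presentation struct {
	DID, Nonce string
	Signature  []byte
}

// Authenticate runs on the holder's device; the private key never leaves it. In a
// biometric deployment the local match does nothing more than unlock this call.
func Authenticate(priv ed25519.PrivateKey, did, origin, nonce string) Presentation {
	sig := ed25519.Sign(priv, challengeMessage(origin, did, nonce))
	return Presentation{DID: did, Nonce: nonce, Signature: sig}
}

// Verify burns the nonce first (single use, fail closed), resolves the DID to its
// public key, and checks the signature over the verifier's OWN origin.
func (v *Verifier) Verify(p Presentation) error {
	if !v.nonces[p.Nonce] {
		return errors.New("unknown or already used nonce")
	}
	delete(v.nonces, p.Nonce)
	pub, err := v.Registry.Resolve(p.DID)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, challengeMessage(v.Origin, p.DID, p.Nonce), p.Signature) {
		return errors.New("signature does not verify against the DID's key")
	}
	return nil
}

func main() {
	reg := NewRegistry()
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	did := reg.Anchor(pub)
	v := &Verifier{Origin: "https://bank.example", Registry: reg}
	nonce, _ := v.Challenge()
	p := Authenticate(priv, did, v.Origin, nonce)
	fmt.Println("login   ->", v.Verify(p)) // <nil>: accepted
	fmt.Println("replay  ->", v.Verify(p)) // rejected: nonce consumed
	n2, _ := v.Challenge()
	fmt.Println("phished ->", v.Verify(Authenticate(priv, did, "https://bank-login.example", n2)))
}
```

Three things are worth noticing when running it. The service provider stores no credential: a dump of the Verifier yields unused nonces and nothing else. The nonce is consumed before the signature is checked, so a replayed presentation fails even though its signature is still valid. And because the verifier checks the signature over its own origin rather than one supplied by the client, a signature collected by a phishing page for a different origin does not verify.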
There are clear signs that online authentication is slowly but surely moving to a decentralized model, especially for more modern forms of authentication like biometrics. One example is crypto-biometrics, where biometrics unlock access to, say, a bank account without ever leaving the user's device: there is no central repository of biometric information. In this configuration all biometric matching, template storage, and liveness detection happen on the device, and only a cryptographic assertion is sent to the bank. Another early form of decentralization that works well with biometrics is splitting the template into fragments that individually reveal nothing, then spreading those fragments across many storage nodes so that a threshold of them is needed to reconstruct anything. An attacker who compromises one node, or even several below the threshold, obtains no usable biometric.
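The article does not say how the template is "broken up into anonymized bits". One standard way to get the property it describes, fragments that individually reveal nothing and a threshold needed to reconstruct, is Shamir secret sharing, shown here as an added example in Go (not the article's or Aware's code, and not a description of any vendor's product). Each template byte becomes the constant term of a random polynomial over GF(2^8); n evaluations are handed out, any k of them rebuild the byte, and any k-1 are statistically independent of it. The template bytes are a constructed placeholder, not biometric data.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
)

// Arithmetic in GF(2^8) with the AES polynomial x^8+x^4+x^3+x+1; addition is XOR.
func gfMul(a, b byte) byte {
	var p byte
	for i := 0; i < 8; i++ {
		if b&1 == 1 {
			p ^= a
		}
		carry := a & 0x80
		a <<= 1
		if carry != 0 {
			a ^= 0x1b
		}
		b >>= 1
	}
	return p
}
// gfInv: a^254 = a^-1 in a field of 256 elements. Never called with a == 0 below.
func gfInv(a byte) byte {
	r := byte(1)
	for e := 254; e > 0; e >>= 1 {
		if e&1 == 1 {
			r = gfMul(r, a)
		}
		a = gfMul(a, a)
	}
	return r
}
// Share is one point (X, Y[i]) on each per-byte polynomial; X = 0 is the secret itself.
type Share struct {
	X byte
	Y []byte
}
// Split makes each secret byte the constant term of a random degree-(k-1) polynomial
// and hands out n evaluations: any k rebuild it, any k-1 are uniformly random noise.
func Split(secret []byte, k, n int) ([]Share, error) {
	if k < 2 || n < k || n > 255 {
		return nil, errors.New("need 2 <= k <= n <= 255")
	}
	coeffs := make([]byte, len(secret)*(k-1)) // c_1..c_{k-1} for every byte
	if _, err := rand.Read(coeffs); err != nil {
		return nil, err
	}
	shares := make([]Share, n)
	for i := range shares {
		x, y := byte(i+1), make([]byte, len(secret))
		for j, s := range secret {
			c := coeffs[j*(k-1) : (j+1)*(k-1)]
			acc := byte(0)
			for d := k - 2; d >= 0; d-- { // Horner, highest degree first
				acc = gfMul(acc, x) ^ c[d]
			}
			y[j] = gfMul(acc, x) ^ s
		}
		shares[i] = Share{X: x, Y: y}
	}
	return shares, nil
}

// Combine interpolates every byte at x = 0 with Lagrange basis polynomials. It has no
// way to know k, so fewer than k distinct shares just yield unrelated random bytes.
func Combine(shares []Share) ([]byte, error) {
	if len(shares) == 0 {
		return nil, errors.New("no shares")
	}
	seen := map[byte]bool{}
	for _, s := range shares {
		if s.X == 0 || seen[s.X] || len(s.Y) != len(shares[0].Y) {
			return nil, errors.New("zero, duplicate, or mismatched share")
		}
		seen[s.X] = true
	}
	secret := make([]byte, len(shares[0].Y))
	for i, si := range shares {
		basis := byte(1) // L_i(0) = prod_{j != i} x_j / (x_j - x_i); "-" is XOR here
		for j, sj := range shares {
			if j != i {
				basis = gfMul(basis, gfMul(sj.X, gfInv(sj.X^si.X)))
			}
		}
		for b := range secret {
			secret[b] ^= gfMul(si.Y[b], basis)
		}
	}
	return secret, nil
}

func main() {
	shares, _ := Split([]byte("constructed placeholder template, not biometric data"), 3, 5)
	full, _ := Combine(shares[2:])    // 3 of 5: the template
	partial, _ := Combine(shares[:2]) // 2 of 5: noise
	fmt.Printf("%q\n%x\n", full, partial)
}
```

Combine cannot tell how many shares were needed, so it returns a result for fewer than k shares as well; the point is that the result is uniformly random and unrelated to the template, which is exactly what a storage node below the threshold gives an attacker. In practice the shares would also be authenticated, since plain Shamir does not detect a tampered share.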
As the adoption of more advanced forms of authentication like biometrics increases, so too will decentralized identity, because biometric data is the most private of private information and the one kind of credential that cannot be rotated after a breach. Organizations that understand and capitalize on this will create and benefit from a long-standing competitive advantage. These companies will reduce the often-heavy compliance burden of handling users' private information, since there is less of it to hold. They will also enjoy a higher level of security themselves: with no central store of passwords or biometric templates, a breach of their systems yields no reusable credentials. They will still hold some account data, such as which identifier maps to which customer, so the gain is in what an attacker can do with a breach, not in having nothing worth protecting.
But perhaps most of all, organizations that offer this combination of biometric authentication and decentralization will have a leg up by sparing users cumbersome passwords and out-of-band one-time codes. This is not giving up on multiple factors: a key bound to the device (something you have) unlocked by a biometric (something you are) is multi-factor authentication, just without the extra round trip. Convenience has become one of the most important factors for users as they decide who they will do business with. We believe that decentralized identity is the key to advancing the next wave of online authentication, and innovative organizations will want to pay close attention to this emerging opportunity.
- Centralized and Decentralized Identity and the Way Forward - April 28, 2023