A universal digital profile, with full privacy control for the users
Many users are tired of remembering hundreds of usernames and passwords. So the majority is either using one password for everything or storing their login information in the browser. Security managers are frequently shocked by the password management of users. But security and IT experts are now able to relax as a group of Internet experts has created a global open standard: ID4me.
Only a small percentage of users change their passwords on a regular basis. And when choosing a password, “easy to remember” usually beats “secure, unique and complex”. Of course, you want to make sure your users choose a username and password combination that is secure. Forcing users to do so often results in them storing the login credentials in the browser. Some systems force their users to change the password on a regular basis, resulting in frustrated users or employees.
Back in 2007, Microsoft Research published an often-quoted study, according to which “The average user has 6.5 passwords, each of which is shared across 3.9 different sites. Each user has about 25 accounts that require passwords and types an average of 8 passwords per day”. (1)
Today in the U.S. alone the average email address is associated with 130 accounts according to DigitalGuardian’s recent research. (2)
Dashlane estimates the average number of accounts per user will be 207 in 2020. (3)
So how can the 4.1 billion global internet users have a secure yet convenient login process across portals when each of them manages between 100 and 200 accounts? There is already a term for this problem: “password overload”.
So the process should be fast and convenient, without any complex passwords to remember. How is that possible, though, when password requirements couldn’t be more different?
Single Sign-On – the convenient way to log in:
One login and password for everything. Single Sign-On technology offers a convenient way for the user to log in.
The Single Sign-Ons (SSO) of the social media giants are particularly widespread. Using a social media login saves users annoying registration procedures or yet another login to remember. But those tech giants do not rate that well when it comes to security and user privacy management.
A login process must be user-friendly to be adopted. We agree on that. But on top of that, data security and data privacy are gaining importance, and not only in Europe. The future belongs to open systems that respect users’ privacy.
The solution: ID4me identity management
To foster adoption and remove barriers to market entry, ID4me builds on public and open standards (OpenID Connect and DNSSEC) and releases all its specifications as open, royalty-free standards, submitting them to the appropriate Internet standardization bodies. Entities already running single sign-on systems based on OpenID Connect should be able to extend them to provide ID4me identifiers quite easily.
ID4me – what makes the difference?
First and foremost the governance. ID4me is a non-profit federated initiative created by an open group of Internet service providers, software developers and other entities that care about the future of the Internet and want to defend its distributed and federated architecture with respect to digital identities. Everybody is invited to join the initiative creating a federated back-end for identity.
ID4me documentation and Sandbox are public: https://id4me.org/documents
What makes ID4me unique is the user’s choice of ID4me provider and the separation of roles between authentication and the management of the user’s data.
An important competitive advantage is the separation of roles between authentication, which is similar to the password check, and the management of the user’s data. The separation of roles is already provided in the OpenID Connect Standard, but so far is only used by ID4me.
The ID4me Standard provides two roles, called the Identity Agent and the Identity Authority, to ensure this security-related separation of powers.
The Identity Authority is responsible for the authentication. The user’s data, however, is managed by the so-called Identity Agent.
The DNS (DNSSEC) hostname, e.g. id4me.org, is chosen as the ID4me identifier by the Identity Authority. The identifier is a domain name and the identification takes place in the DNS (DNSSEC). DNS stands for Domain Name System. DNS, as the Internet’s public directory for people and services, has already been established as a global standard and has a proven track record of scaling. A special DNS entry enables the Identity Agent, which manages the user data, to be located transparently. This is called discovery. Based on the discovery functionality, it is possible to see who is responsible for the administration of the ID4me user data.
This transparent discovery, in turn, enables the portability of the ID4me digital identity. As a result, each user has the free choice of identity agent and can change it at any time. That is unique among the Single Sign-on systems. Social media logins, for example, do not provide a discovery functionality. If a user no longer wants to use Facebook, they will not be able to move their Facebook login to another provider.
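The discovery step described above, sketched as an added example that is not part of the original article or of ID4me's own code. It assumes the discovery entry is a single TXT record at _openid.<identifier> shaped like "v=OID1;iss=<Identity Authority>;clp=<Identity Agent>"; check that layout against the published ID4me specification. The sample answers are constructed.

```python
import re

# Assumption: discovery data is one TXT record at _openid.<identifier>
# shaped like "v=OID1;iss=<identity authority>;clp=<identity agent>".
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


class DiscoveryError(ValueError):
    """Raised when a discovery answer must not be trusted."""


def record_name(identifier):
    """DNS name queried for an identifier such as 'alice.example'."""
    return "_openid." + identifier.lower().rstrip(".")


def parse_record(txt):
    """Split one TXT string into fields, rejecting malformed or repeated keys."""
    fields = {}
    for part in txt.strip().strip(";").split(";"):
        key, sep, value = part.partition("=")
        key, value = key.strip().lower(), value.strip().lower()
        if not sep or not key or key in fields:
            raise DiscoveryError(f"malformed or duplicate field: {part!r}")
        fields[key] = value
    return fields


def discover(txt_records, dnssec_validated):
    """Return authority and agent from the TXT answers for record_name()."""
    if not dnssec_validated:
        # Without DNSSEC validation a forged answer could name another server.
        raise DiscoveryError("answer was not DNSSEC-validated")
    candidates = [t for t in txt_records if t.strip().lower().startswith("v=oid1")]
    if len(candidates) != 1:
        raise DiscoveryError(f"expected one v=OID1 record, got {len(candidates)}")
    fields = parse_record(candidates[0])
    if fields.get("v") != "oid1":
        raise DiscoveryError("unsupported record version")
    for key in ("iss", "clp"):
        if not HOSTNAME.match(fields.get(key, "")):
            raise DiscoveryError(f"missing or invalid {key!r}")
    return {"authority": fields["iss"], "agent": fields["clp"]}


# Constructed sample answers (not real ID4me deployments).
SAMPLE = ["v=spf1 -all", "v=OID1;iss=auth.example.net;clp=agent.example.org"]
```

Moving to another Identity Agent changes only the clp value in the record; the identifier, and therefore the login the user types, stays the same.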
Users can pick and choose who manages their identity (“Identity Agent”). That could be a registrar, a telco or any trusted portal they choose.
Who supports ID4me already?
ID4me founding members are 1&1, DENIC and OpenXchange. The number of members and supporters keeps growing. There are more and more registries, registrars, telcos and associations who support an open Internet. One of our latest members is Univention: Welcome to ID4me.
Everybody who would like to engage is welcome to join the ID4me working groups Adoption, Governance and Technology: http://id4me.org/engage
For any questions about ID4me, feel free to reach out to Katja Speck: firstname.lastname@example.org