When I lost access to my Google account lately, it left a gaping hole in my electronic life and showed me just how tenuous the link into our online world could be. 1 thing I learned from the story I wrote about my experience was that I was far from alone. I got over a dozen mails and tweets from folks who had been locked from Google, Facebook or Amazon Prime, and couldn’t even figure out how to find their way back.
It raises a valid question about identity itself on the internet, something I’ve been considering for some time. How can we establish who we are and just how can we prevent my problem (and that of many others, apparently)? Just how much responsibility is dependent upon the support provider, even when that support is free of charge? How many kinds of proof ought to be enough to establish identity?
At some point it must turn into an exercise in opportunities for the seller. In my case with Google, I provided proof by email, mobile and security concerns — and it wasn’t enough. If you consider I was also using an identical IP address and the same apparatus I always use, that constitutes even additional proof.
When you provide all of this data, shouldn’t that be enough proof for any seller? I discovered the hard way that it’s not, and I’m not alone. I also found out the seller often doesn’t even possess some means of resolving these problems — and that could be the worst aspect of this.
Killing the password
Back in September, 2015 I wrote a post on TechCrunch called Kill the password where I contended it was time to substitute the password because it didn’t really work. Hackers stole them, people used ridiculous ones such as 1234 and it was simply not a deterrent to accessing our accounts.
Yet our services and our electronic lives demand security. In that same piece, I implored the sellers to discover a way to establish who we had been without placing the weight on us to remember something. Leaving security to the user is a fool’s errand. This was partly how I concluded that piece from the context of 2015:
The key is to find a way to secure our private information without placing undue hardship on the user, while making it difficult — ideally hopeless — to slip. That would call for automatic ever-changing passwords or perhaps something such as a fingerprint or eye scan.
The password becomes even more ridiculous in a cell context where inputting a strong password is a burden on a device where typing is not ideal. Surely biometrics has advanced since then and we are seeing increasing usage of the mic as well as the beginnings of this Apple face scan on iPhone X. All this makes the password and less desired, but it’s still the principal means of identification in many cases — and that should change.
Maybe I’ll see you on the blockchain
Like so many things, we create demonstrating identity more complicated because we don’t anticipate the process, but imagine if we place identity on the blockchain? Two years after writing that first piece suggesting we kill the password, I wrote another called The guarantee of managing identity on the blockchain in September this year. In case the blockchain is an immutable and incontrovertible document then it suggests it could be a great spot to handle identity, but there remain a variety of opinions. As I wrote:
Like any emerging technology, there will be a range of opinions on its viability. Using the blockchain as an identity management process is not any different. It will likely start to take on some role over the next five years because the guarantee is just so great, but how extensive this will be depends upon the way the industry solves a number of the outstanding difficulties.
When you put all this in the context of losing your identity on line, it brings us back to where the weight goes. It’s obviously incumbent upon online services (and offline for that matter) to make certain you are a valid user with appropriate credentials, but certainly there must be better ways to achieve so without forcing us through a password.
In a conversation of this becoming locked from Google narrative on Hacker News, 1 commenter, WhyNotHugo, proposed emailing log-in links that bypassed the need for a password completely:
These are just the types of steps businesses must be taking to remove the burden from the end user. Yet we are just two years farther down the road from when I wrote that initial piece about killing the password, and we are still facing the same troubles. The sellers will need to measure and find out new ways to prove identity just like those login links and quit placing the burden on us.
Short of providing password alternatives, services such as Google have to give methods to access an individual customer support person, whether that means paying a one-time fee or simply placing an investment in a human contact facility to resolve these kinds of problems Everyone should have equal access to this service and it shouldn’t be limited to people like me who have contacts inside these organizations due to my occupation.
While Google and Facebook (and other similar key services) are liberated, they could hardly hide behind that idea in regards to helping users whenever they need it. They are multi-billion dollar, highly lucrative operations and it’s time that they stepped up and offer a level of customer support to help resolve these kinds of problems in a timely manner.
We’re surely becoming better at online identity, but as my experience revealed, we have a ways to go. Even Google with all its sources, nevertheless struggles with this. I can’t even tell you demonstrating identity remains a challenge as we venture into in 2018, but we will need to figure out this, and we will need to do it soon. Too many people have experienced the annoyance I did of being locked out and that just shouldn’t even be the case anymore.