History has an Echo
In 1876, the first telephone call was made. The technological principles of the telegram – allowing for instantaneous communication over long distances – were deployed at a massive scale to allow for advanced, personal communication to be deployed in every home. The leap from dots-and-dashes to voice-and-sound took 32 years (Samuel Morse sent his first telegraph in 1844). By the late 1890s, 20 years since Bell asked Mr. Watson to join him in his lab, the sky of New York City had been blotted out by the ill-conceived, inefficient infrastructure built to deliver these services.
History, it seems, is not without an echo.
It was roughly 30 years between the invention of the computer password to the wide scale adoption of the internet. In the intervening 20 plus years, digital accounts have proliferated much like phone numbers in the late 1800s. And again, an ill-conceived, inefficient infrastructure threatens to blot out the sky.
In the near future, each household will be managing around 50 connected devices. 5G will drive a wave of innovation powered by new ideas about what we can do with all of that bandwidth and connectivity. The problem with technological waves is that the mental framework, the mindset that governed the prior generation of technology is slow to die. Therefore, we will find ourselves overrun with password fatigue, dreaming of the day we could see the skies through all of the password-lines.
But we will evolve. We have to. Our current mindset and methodology just doesn’t scale. The problem of digital identity will need to be solved.
First, in the next 1 to 5 years, passwords will become the “additional” factor, rather than the primary one. Other strong signals – like device data, physical and behavioral biometrics, or a second trusted device – will become the primary. We have already seen these trends in Apple products, like using the Apple Watch to unlock your MacBook, or the nigh ubiquitous fingerprint sensors. Soon the password will primarily be used as the method of “step-up” authentication.
Between 3 to 8 years from now, passwords will be fairly rare. Authentication will still be between a service provider and their customer, but the customer experience will be dramatically different. Companies will rely – primarily – on technologies like FIDO that provide cryptographic verification of identity. These will continue to be augmented by risk engines to discern identity. The industry will begin to see the emergence of “trusted identity providers” – an evolution of today’s social login features and password managers. These companies will provide users with the ability to log into their multitude of profiles with a single click. But the scalable attack of a breached username and password database will no longer be possible. This new paradigm will not be reliant on shared secrets.
5 to 10 years from now, you will see identity becoming its own segment of the mobile ecosystem. Not as service providers licensing products – but as organizations that share pieces of information at a microtransaction level that is so small as to stay unprofitable. When the user opens an application, it will query a network of participating companies (possibly over a blockchain or similar technology) asking “Who is there?” Tiny pieces of information will all coalesce to reveal the true digital identity of the user. Just in time and only what the application needs. All of this in a privacy preserving manner with user consent and transparency.
These predictions are not revolutionary. We have the technology that can perform all of these actions. What will be revolutionary is the business model that sees them coming to fruition. There must be an incentive, a reason for these claims to be harvested, recorded and shared. It cannot be a single entity. Each service provider will be interested in different parts of my digital profile and should only need to pay for what they need. This solution will need an ecosystem to support it.
Pasts Echo will continue to reverberate. Just as we evolved from the telephone poles and over the air wires in New York to a world with underground fiber and wireless communication – we will see big changes in our identity infrastructure as well. Identity discovery will no longer be through One-to-One connections. Instead it will be over Identity networks that are very secure and part of the invisible fabric that makes the Internet.