Password cracking, digital identity and a big snowball!

Passwords are important as they form the bedrock of our personal cyber security – Diana recently sent me this article on password strength:

Experts reveal how long it would take to crack your specific password (msn.com)

Passwords were a big thing during my Master’s cyber security degree – their use, their limitations and cracking them – however, more interesting than that were the discussions on what a digital identity was and how that could be used in the future.

The internet was built by geeks sitting in back rooms using expensive university and research computer systems to communicate with each other. Shopping, looking for cute videos of cats, cyber stalking, cyber crime or hate speech were not on their minds. Their idea of identity and security was that they knew everyone on the network. The protocols that we built our digital empire on have no intrinsic security or identity; it has all been bolted on as required. Each organisation (commercial and government) offering us a service has created its own login and password system and collected data from our activities for its own use – with us having little control. GDPR is but a governmental sticky plaster over a problem that grows daily. The UK’s Online Safety Bill is another attempt at defeating the giant by controlling the ordinary citizen rather than the perpetrators of crime and the controllers of our information.

Why decentralization is the future of digital identities – Microsoft Security Blog

Digital identities move the power of personal data back into the hands of you and me – the people who own the wealth of information that Big Tech uses to make its profits. No more of the Big Tech firm making money using our personal data one day and then apologising for a data breach the next – and ducking over to Ireland to face the wrath of GDPR. Meanwhile, as a result of the data breach, press releases will include phrases such as these:

  • “highly sophisticated” cyber attack
  • a “small number” of people impacted
  • “criminal action”
  • “taking appropriate security measures”

Individuals suffer inconvenience, a risk to their information and possible identity theft and the resulting financial impact.

Digital identities that we control have to be the way forward, where we only share verification of a bit of our information rather than letting a third party have the actual data which they could then lose due to a “highly sophisticated” cyber attack. Rather than securing these with passwords across multiple platforms with varying levels of cyber security, we could use multi-factor authentication and tiered authorisation on our data controlled in one platform with strong cryptographic cyber security.

Of course this blue sky wish has other problems we need to face:

  • Who or what would be the platform where your digital identity was stored?
  • Whatever type of security is deployed, there will always be someone looking for a way to break in
  • There is the insider threat – the trusted employee who gives away the keys to the castle
  • An individual will probably need a personal device to interact with these systems

On that last point: it is easy to flee a disaster zone with your paper passport or plastic ID in your bag, which can still be used at journey’s end however soaked and dirty it gets. In addition, it does not need charging, something that is difficult to do when the power goes out – but that is OK as the readers of the digital ID have no power either.

Then there is the issue of the cost of the digital device and the cost of ownership of that device. Are we just creating yet another digital divide?

That is the big snowball and it will only get bigger.

I love technology but technology does not have all the answers – we must remember there are real people involved in these technical decisions.

Clive Catton MSc (Cyber Security) – by-line and other articles

Further Reading

Online Safety Bill articles (Smart Thinking Solutions)

Online Safety Bill publications – Parliamentary Bills – UK Parliament

Draft Online Safety Bill (Joint Committee) – Summary – Committees – UK Parliament

Draft Online Safety Bill – GOV.UK (www.gov.uk)
