I have a spreadsheet on my computer at home with about 100 user names and passwords on it. I never have it to hand when I need it. Security experts tell me that I shouldn’t note them down, especially with all the viruses and Trojans on my computer. They also tell me that I shouldn’t use the same password for each service that I use. So usually I have three stabs at trying to remember my password before swearing loudly at the computer (or politely explaining the problem to the person at the other end of the phone), giving up and doing something else.
I’m sure everyone has experienced the frustration of being asked for a password they can’t remember. But the challenge for digital services is greater than just the creation of a usable yet secure authentication mechanism. The question is trust: why do you trust the person or computer at the other end of the digital channel?
It’s a complex question that has been around for x thousand years. We’ve just brought the problem to our immediate attention with the advent of remote services delivered over digital channels. The answer to the question is: we just do. We trust people because we want something and we want it enough to incur the risks that we perceive.
A psychologist told me that we are genetically programmed not to trust anyone or anything 100%. We take everything with a ‘pinch of salt’. We make a ‘value judgement’.
I asked my daughter who she trusts most. “You, Daddy.” Thankfully, she hasn’t looked at her chocolate jar recently. Her mother, meanwhile, is always borrowing from her piggy bank. She’s 7 – she’d be more worried about getting the chocolate back. Knowing who someone is only helps us so much.
Identity is part of the way in which we establish trust. It’s necessary for many transactions but not sufficient. It helps us establish facts about the person that we need to make the judgement call. It means we don’t have to start every transaction from scratch: we recognise the person at the other end.
We need better ways of establishing trust relationships in the digital era. We need better security than long lists of user names and favourite films. Our aim is to collectively address these problems through the GDS Identity Assurance Programme. We’ll use this blog to explain the problems we have and communicate how we’re getting on with addressing them.