Securing your digital home – part 2: identity
In part 1 of this new blog post series, I explained what one’s “digital home” is and why one might want to secure it. In this blog post, we’ll start with the foundation of a secure life — identity.
What’s a digital ID?
We use and depend on digital goods and services everywhere, in our private lives, at work, for volunteer side-projects and so on. And in order to access these goods and services, identification is usually needed. But what is a digital ID?
There are various ways we identify ourselves online, some are obvious and some are less obvious. The most common digital identity system is via a publicly known email + a private password, for example your Gmail. With this combination of something public and private you can prove your ID online. Other popular digital identity systems are Facebook Login, Apple ID or BankID (commonly used in Sweden).
Building a life on your digital ID
It’s important to realise that (almost) everything we do online will build or depend on your digital ID. It’s therefore important to make sure that you’re in control of it and that it’s secure. And you have to define for yourself what “in control” means. Is it ok that Google or Facebook control the ID for you? Is it ok that they sell data surrounding your identity to other companies for profit? Maybe the convenience of using Google and Facebook is worth it for you, and that’s ok. But it’s important to know that there are alternatives. You can read part 1 of this series for an example of how to think about who to trust.
It’s not guaranteed that a company will always provide a certain service. And although both Google and Facebook mostly likely will outlive anyone who’s reading this blog post it’s still a philosophical question worth asking. Who do you trust handling your digital ID for you?
Alternatives to Google and Facebook for identification
Instead of building a digital life on top of e.g. a Google email, you can purchase your own domain online and configure an email service with e.g. ProtonMail, HushMail or Mailbox.org. The benefit with owning your own domain is that you yourself can move it to the provider you like, at any time. You’re in control!
Apart from email-as-identification, there are other forms of ID platforms popping up, e.g. Keybase, uPort and Civic. I find Civic particularly interesting, because it would provide a way for you to truly own your own ID without having to trust anyone else (see the video at the end, if you’re interested).
Keeping your ID secure
After you’ve decided what your digital IDs are (because you can have many), it’s important to secure them. A good password is not enough these days, because even if you pick a secure password, if you depend on a company like Google, Facebook they might leak or have a breach of information. Like when LinkedIn was hacked and leaked over 100 million email addresses and passwords.
In addition to just using a password you should consider using two-factor authentication (2FA) for the services you depend on. That way, even if someone knows your password they won’t be able to compromise your ID. Checkout the following links for how to enable multi-factor authentication on some popular services:
- Facebook: What is two-factor authentication and how does it work?
- Google: 2-step verification
- Apple ID: Two-factor authentication
It’s easy to forget how much we depend on the integrity of our email addresses — our digital IDs. And it’s easy to put all your trust in companies to manage these things for us. But information leaks and breaches happen, without you being in control. So it’s important for each and everyone of us to decide how important these things are, and take the right measures to stay secure.
In this blog post we’ve only scratched on the surface of digital IDs. In later posts we will, for example, explore how to better manage passwords and other secret keys.
Below you’ll find an interesting look at how digital IDs might work in the future: