The average business user has 191 passwords. Private users tend to have less than that, and with different services. But all of them share one simple truth. Behind any password lies a fragment of a real person’s identity. It may be the social media account, the email inbox or the airline portal. But each of these fragments represents the real-life identity of a person at various stages of digital decay. Our pictures, our most important communication, our credit card and travel information are reflections of ourselves. They are our life.
These hundreds of identities represent us, can communicate and make agreements on our behalf, can book travel — all in our name. So if these hundreds of identities represent us, how do we know what they are up to when we are not looking?
Most of our split personalities on-line are provided by corporations, and while the law may increasingly put you in charge of your own identities, reality looks different. In most cases we have no idea what is going on with our personal data. And somewhat akin to a bad Hollywood film, some of the largest companies are valued by how many souls they have swallowed. But these companies are not the only problem.
The primary, and usually only, way to protect these identities from abuse are passwords. We know what it would take to use strong passwords. But most people do not. The 2018 IBM Future of Identity Study found that most people re-use only 8–12 passwords across all their accounts, half of which are simple. Once guessed or stolen from any of your devices or any of the services on which you are using them, your identities might go on shopping sprees, agree to contracts, or engage in criminal activity.
As Ethan Hill put it: you have a secret that can ruin your life. Passwords are a major problem, and no matter the layers of duct tape applied with second factor authentication or password managers, the time for passwords came… and went. To make matters worse, our many split personalities typically have one thing in common. Our email address. Which is used for the most important updates and allows to recover access in case our passwords got lost or stolen.
No matter how shiny the new service, how popular your Twitter or Instagram account, email is the single point of failure for the integrity of your many identities. Your security for your entire digital life in all its schizophrenic beauty will never exceed that of your email inbox.
Imagine you could leave this cacophony behind. You would create yourself one, true digital self that answers to you, and only you. It would have a black box, like a flight recorder, that ensures you know what has been done in your name, and what has not. It would work without passwords, instead using local keys stored in your devices to securely access your data. This true self could be used to authenticate toward other services. And for as long as those legacy services still depend on passwords, secure and unify password recovery.
What would you do for such a true self? Is a 2-minute sign up procedure asking too much? Because that is literally all it takes to join our prototype and become part of the journey toward a true digital self.