Digital identity: what it is and why it must be protected
The concept of digital identity may sound difficult to understand, but it is something that most people have, and it is quite valuable.
Every time a person accesses their email account, a social network, a digital financial service or a transport application It is necessary to verify the identity of the user to authorize access to the goods or services.
(You may be interested: This is the information that WhatsApp shares with Facebook companies)
So it is, in essence, any existing personal data online that you have. There are two important processes in digital identity; authentication and authorization.
Identification is defined as the act of indicating the identity of a person or thing. For example, I am Pepito Pérez, identified with ID 123456, or I say be [email protected]
On the other hand, authentication is the act of proving the identity of a user of the computer system. I verify that I am Pepito Pérez because my physical appearance corresponds to that registered in my citizenship card; or I prove that I am the owner of the email account [email protected] because the password entered corresponds to the one previously registered.
(Also: Google will pay the media to show their news)
As for authorization, this is defined as the function of specifying rights or privileges to access resources. For example, once it is verified that Pepito Pérez is who he claims to be in the data provided, he is granted access to his bank account to make money transfers, deposits, etc., or to the email [email protected]
Based on the above, the following clarifications should be made in the Colombian context so as not to fall into inaccuracies and confusion with the concepts. In the country, The National Registry of Civil Status delivers the citizenship card to people who meet the requirements – in that sense, it fulfills the function of identifying Colombians before the State., which can be physical or digital.
(Also: Four Colombian startups that gain space in the market)
So, these tools can be used in the identification process prior to an authentication, but, experts say, they are not an authentication mechanism in themselves, the document alone is not enough.
This can be illustrated with an everyday scene. When accessing a nightclub, at the entrance, the citizenship card is generally requested to verify the age of majority.
However, this is not enough to allow entry. Whoever administers the income must verify that the photo included in the document matches the person presenting it, and for this the physical appearance of the person is contrasted with the photograph included in the citizenship card. This is a daily authentication process, and if successful, login is authorized.
(We recommend you read: These are the new functions that Google Photos has)
On the other hand, it may also be the case that in a digital identification process the citizenship card is not used, but the email or cell phone of a user.
This happens in services such as email, social networks and software services in the cloud, where the base identifier is not an identity document, but the email – where the identity is verified with a link. This identity data is then authenticated against a secret password that the user knows. And if this process is successful, access will be authorized.
In this sense, the different documents that citizens have are just one of the many identity elements that can be presented to request access, but which must then be authenticated. It is not an authentication mechanism.
By understanding this, experts explain, confusing these two concepts will generate a very high risk of theft, fraud or identity theft, since it is intended to authorize access without verifying the identity of the user.
(Also: What happens in the brain when you switch from speaking to typing?)
For example, commercially, it would imply that only using a third-party identity document could all private accounts on online sales portals be accessed, thus facilitating theft, fraud or identity theft, and the cost overruns that this would imply for an e-commerce portal.
According to the document on Security Measures in the Treatment of Personal Data of the SIC, only 15 percent of the companies analyzed have a level of implementation equal to or greater than 76 percent in its security measures for the handling of personal data of its users.
Therefore, it is also important that new digital services are created in which user safety is prioritized.
This priority of the user is key so that he is the sovereign of his personal information, so that control of his digital authentication is not lost and greater vulnerabilities and privacy risks are generated.
You may also be interested in:
– Cell phones in which Telegram will no longer work
– Google is fined 1 million euros for ‘misleading classification’
– The controversial social network Parler returns: why is it being criticized?
Twitter: @ TecnósferaET