Have you ever felt frustrated after forgetting a password while trying to log in to an application, and had to fall back on the “Forgot Password” flow every time? Do you still end up using the same passwords everywhere? Or maybe you are smart and use a password manager like LastPass or Onepass. While that helps, we still end up drowning in so many IDs and passwords that it becomes humanly impossible to maintain them!
This is because today’s Web 2.0 lacks a critical identity layer. The identity layer refers to an identity built natively into the internet as a whole that can be used across applications. Instead, we are accustomed to current identity management practices, where identity is managed at the application layer. But is there a better way?
Take a physical setting as an example: when you go to an airport, a train station, a police station, or even a pub, you don’t need an ID issued by the respective organization to enter or use its services. Instead, your ID, which is issued by a central authority, works everywhere. This is a user-centric architecture. Imagine a setting where every time you wanted to use a service you had to create an ID with that particular institution. This still happens when you go to college, school, or a bank. It happens because the IDs issued by the authority are physical and therefore not extensible. As an individual, you can freely roam around and use products and services by paying. Of course, some organizations do try to register you, but that is generally optional, and the intent of such registration is to provide a more customized experience or rewards by collecting data and creating an internal profile. Generally speaking, though, for non-financial services you as a user need not provide any information or authentication to use the services or products.
Let us contrast this with our experience on the internet, where identity management is implemented at the application layer as a workaround. Currently, before you can use any product, an identity needs to be created at each website, which then requires authentication. All the data associated with the identity is stored centrally at the service provider. This means that user data is fragmented, siloed, and spread all across the web, with little to no control whatsoever. With ever-increasing services and products, the number of accounts or IDs explodes, making for a terrible user experience. It means you have to create your Gmail, Facebook, LinkedIn, Twitter, Uber, Amazon, and many, many more profiles. Users have to fill in the same details again and again at different websites to access the services. This has also resulted in the current password management fiasco. With so many passwords to manage, users often end up using the same passwords across websites, compromising security. ‘Single sign-on’ has provided some relief, since users can log in with their Google or Facebook credentials, but that too creates a profile inside an organization that often needs to be updated and verified. On the other side, these centralized ID providers have all the data about users, and they can even deplatform a user arbitrarily. This is definitely far from ideal, with no control over data or ID.
Now consider an internet with user-centric IDs. It means you have a single ID and you can use that ID to log in anywhere. You have one single password. This ID is completely protected from any downtime. It is permissionless, meaning anyone can create it, and at the same time no central authority controls it. Of course, it has to be censorship-resistant, meaning no one can block your ID. In a sense it would simply be a parallel of your physical ID, which works everywhere, only better, because this ID can be linked to store the other information required to maintain a single ID. You can instead maintain a single wallet with a single password. This will serve as a single wallet where all your IDs can be stored, with the user having complete control over the bits of information they intend to share with websites. Users own and control their data in an unprecedented manner. Web 3.0 implements this architecture with a native identity. One password for the entire web! No more “Forgot Password” :)
Of course, there are some critical concerns, the major ones being privacy and ID recovery. Many protocols are actively working on solving these problems. For example, companies are working on solutions like multi-sig wallets and social recovery wallets for ID recovery. Similarly, many startups are actively working on the privacy aspect as well. The ecosystem is evolving fast and certainly seems promising. It will be interesting to see how digital identities evolve and come together in the future.