These days when you are in a grocery store or a retail shop, you often have to “sign” on the pad to complete your purchase. It’s a joke. Most of us just drag a line with the pen and it doesn’t look anything like a signature. Using a social security number as identification is getting pretty close to being that much of a joke. So is using an ID and a password to log in to – anything.
Using the Social Security Number as an ID is walking dead – it’s already dead – but it’s still walking around and getting used. We need to bury it.
People have been writing articles about this for some time. Here’s a good one from Wired https://www.wired.com/story/social-security-number-replacement/. That’s the “push” to get away from it.
Related to how obvious that is, there is increasingly a “pull” for a better solution. With the recent enormous security breach of Experian. This was in The New York Times yesterday.
There is no argument there is a problem.
What’s somewhat amazing is that collectively people haven’t taken a step back to see the real issue. People often get so used to how they go about doing something – they/we lose sight of why we are doing it. Even when we are driving to a favorite restaurant or destination when someone in the car asks “why are we going this way?” – it doesn’t really matter how you get there as long as you get there safely – on time. I call it the “How Trap” and I wrote a whole book about it called Rethink. Social Security Numbers and ID/password are classic How Traps – they were a good solution for a while, but now there is a much better way, and our habits are so ingrained that it’s going to take some work to change. That’s OK, but we need to get on with it.
The problem is that Social Security Numbers (SSN), ID/password login, and the scribble signature at the grocery store are proxies for us, but they are bad and inadequate proxies. SSN made sense 50 years ago because it’s something we got in the mail and guarded it like a secret – so simply knowing it was a pretty good way to trust that we are who we say we are. Now our SSNs are all over the place – in documents for bank accounts and home purchases and tax filings. And if Experian’s credit ratings data got hacked – any of these other systems can, and will get hacked. So it’s no longer a good form of confirming we are who we say we are.
Knowing someone is who they say they are is what we call “First Mile” authentication. Once you know you are dealing with the person they say they are – you have trust – and if you have a way to get back there – then you have a good way to maintain trust throughout a relationship. And with smart mobile devices, you can use several different “biometrics” like fingerprints, eye scans, facial recognition, and others to re-authenticate once that first mile has been done – and that’s already pretty common for those of us who use a smart mobile device all day every day.
The new way to do this is to match a selfie with a government issued ID like a driver license or passport.
That takes some work, and that’s why AuthenticID is a successful business – doing that for people in over 190 countries is hard, but it can be done in less than 10 seconds. Of course AuthenticID has competition, but the point is that the SSN/ ID Password / Grocery store scribble has been solved – we just need to start getting more widespread adoption.