Identity & Authentication

'Identity Sphere' or 'Identity Onion'?

Being sure of someone's Digital Identity is only as important as the information you're trying to protect. Many online services can be adequately protected using simple usernames and passwords, and most communications don't need to be encrypted. Usernames and passwords are easily compromised, shared or copied, but in most cases the information being protected isn't that valuable anyway.

Usernames and passwords offer One Factor Authentication because the end user is only required to have one item or factor: 'something they know' (the username and password). For other Factors of Authentication, you need to carefully balance the security level and the Validation Process used against how simple it is for the end user to understand and use.

If the Validation Sphere (also called the Identity Onion) isn't applied correctly in your environment, you'll bring 'tears of frustration' to the eyes of your end users. If you frustrate them at all, you've created an Identity Onion.

It's a simple case of taking a look at the total picture and deciding what best meets your requirements and what has the least impact on the end user.

When considering this, talk to your colleagues and consult with a Digi-CAST™ specialist. There will be a temptation to get consumed by vendors' technology, hardware versus software, compliance with FFIEC, ICAO, EU and so on, and other distractions. For the best results, remain impartial until you fully understand how the balanced Validation Sphere should be used.

   

The following subsections may help to broaden your knowledge and help you to make a more informed decision: