clock menu more-arrow no yes

We have too many passwords. We only need one trusted, strong online identity.

Can you imagine carrying 295 driver’s licenses? Of course not — so why is it okay in the digital world?

AFP / YouTube

How many passwords do you manage? I have 295 digital versions of me to access online assets from my bank to Facebook and everything in between. That’s a problem.

These credentials are all me. I’m the same person, no matter where I visit online. In addition to the hassles of managing these identities, the bigger problems are the lack of security, consistency and digital trust. Every digital account I create requires a new set of credentials — and weak ones at that, often just an email and password.

Can you imagine carrying 295 driver’s licenses? Of course not — so why is it okay in the digital world? That’s why a strong, trusted, single online identity is a must as we continue to evolve digitally — as individuals, as businesses and as a society.

Why has this not happened if it’s so obvious? In short, it’s hard. It must balance privacy, security, ease of use and widespread availability/universal acceptance. It’s also a question of who can provide this credential. Is it the government? Or is it a user-centric model?

In the EU and many civil law countries, there are national ID-card infrastructures where the government provides this service so you can pay taxes, access websites and sign documents online. However, it only works for government digital assets, so it won’t help you with the likes of Facebook.

But the value of a strong ID is that it’s something that’s not hackable. Well, not practically hackable. That requires three factors of authentication: What you have, what you know and what you are.

If you have an ATM card in your hand, that’s possession; and you must know something about it to use it — a PIN or security code. That’s two factors. That works well. But if that card additionally had a thumb reader on it that was registered to you, that would represent a hard-to-hack three factors.

An important ingredient to this secure ID is likely in your hand right now: Your mobile phone. It’s likely that your secure digital credentials will be linked to your mobile phone and cloud attributes that you can manage from your mobile phone. If your digital identity included available biometrics from your mobile device — iris- or thumbprint-recognition, as examples, so that only they could unlock your phone while also being cross-referenced with your bank account, phone number and other personal information — then you’d have a very large-scale, very strong digital identity that you could use for all sorts of things, easily and securely.

Being able to securely validate your digital identity is an important step, but it might be just the first step on a path to unlocking something even more valuable: Your reputation. The value of your reputation is the reason we have credit reporting agencies. In the digital world, these are all locked away separately behind different logins. Aggregating this information could be very valuable for you and the individuals and companies doing business with you. People could make granular decisions about you — whether to hire you, to loan money to you, to rent their house to you, etc. Coupled with a strong digital identity, your digital reputation can evolve to be exponentially better than the tired old credit score, and accelerate interactions and transactions between individuals and businesses.

So how do we get from here to there? It requires both building such a digital credential, which startups such as SureID, ID Co. and Trusona are working on, building a network of places that accept the credential, and individuals seeing its value to opt in and release certain amounts of very personal information.

Waze is a great example of a tradeoff between privacy and value. When you use Waze, you give up information to the network of other Waze users, including exactly where you are and how fast you’re driving. In return, you know where the speed traps are and where the slowdowns are, thanks to other users. Most are comfortable sacrificing this privacy because of the value they receive in return.

What is it about a trusted digital credential that will prompt enough people to value it? Perhaps banks will not allow you to have an online account without it. Perhaps you will be ranked lower on Airbnb and not have access to all the available rentals. Or perhaps Uber will not pick you up, or will charge you more because you don’t have a strong digital identity and reputation. Creating this network “stick and carrot” will be critical to success.

We’re clearly not there yet, but it seems clear it’s where we’re headed. The balance of privacy, security, ease of use and widespread availability/universal acceptance of a single digital identity is on the horizon, as is the value of your digital ID one day replacing all your current forms of identification. The question is how we go from zero to the hundreds of millions of users that create the network effect to advance digital identity and digital reputation.


Tom Gonser is the founder of DocuSign and a venture partner at Seven Peaks Ventures. He developed the first cloud-based electronic signature in 2003, which has since grown to become the global standard in digital transaction management used by more than 250,000 companies and more than 100 million users across 188 countries. Prior to DocuSign, Gonser founded several other companies, including NetUpdate and GPSFlight. Reach him @tgonser.


This article originally appeared on Recode.net.

Sign up for the newsletter The Weeds

Understand how policy impacts people. Delivered Fridays.