Identity Blog

BYOID is the New Authentication Norm

If you’ve heard of the Bring Your Own Device (BYOD) movement, you would know that the concept of bring your own stuff works pretty well in certain situations. And certain situations have heralded the next iteration of this movement, Bring Your Own Identity (BYOID).

BYOID will be (and already is) bigger than any Bring Your Own movement simply because it encompasses almost everyone who goes online. The predominantly digital nature of the modern business-customer relationship exhorts consumers to use digital identities and businesses to implement better identity management processes for external users. However, the onus is on companies to make the relationship as simple as possible for the end users. The Bring Your Own Identity (BYOID) methodology is an apt solution to the identity crisis that consumers world over are facing and baulking at. It’s a bit like customers bringing and ordering from their own menu at a restaurant which can manage cooking and everything  else.

Problems with Dedicated Digital Identities

Well, from a user’s perspective, web authentication have stagnated over the last few years. Till recently, the most popular and most commonplace type of user authentication was the HTTP based basic authentication using the username and password in a lock and key mechanism. This has been the case since the first web based emails were used in the 1990s. Nobody probably thought then but the same username or email address has come to take the form of a digital identity. A person’s real-world characteristics and attributes are tagged to this identity creating the profile. Of course, such an exercise has only become regular in recent years.

The problem, though, lies in redundancy. Today, there are countless businesses competing with each other on an equal footing. For a user to create identities and build profiles on each company’s web property would be extremely vitiating and counter-productive. Unless consumers have a specific and clear need to create those identities, they will not. And apparently, that’s not the case with most businesses.

A decade ago, this would have worked like a dream and it did. But not today. The sheer number of businesses makes it impossible. In the current heavily populated business environment, the whole idea of consumers having dedicated identities for each business website or app is in itself the biggest problem.

What exactly is Bring Your Own Identity (BYOID)?

The reason behind the highly popular Bring Your Own Device (BYOD) paradigm gaining traction was simply that it was easier for employees to use their personal devices at work than ones issued by their employers. The ease of use is the most important factor in such decisions. And so is the case with identities. It is much easier for consumers to be authenticated with a secured portable identity they frequently use than with rigid dedicated identities that can be used on just one property. Bring Your Own Identity (BYOID) allows consumers the freedom of being authenticated with a portable identity of their choice.

In the words of the Trusted Identities Group of the US National Institute of Standards and Technology (NIST), “Individuals and organizations employ secure, efficient, easy-to-use, and interoperable identity solutions to access online services in a manner that promotes confidence, privacy, choice, and innovation.” Interoperability is the keyword here from a user’s perspective. BYOID is not just about a company issuing one identity and allowing that identity to be used on web or mobile properties owned by partners. Identity should span and scale up to as many businesses and services as possible and the customer should have brought that identity. For instance, social login allows consumers to be authenticated with their, say, Facebook accounts. That’s an identity the user already holds and its portability allows consumers to use it on multiple independent web or mobile properties.

But BYOID doesn’t end with social login. It only begins there. Consumers should have the freedom to use any of their identities and be able to login on the basis of the authenticity of that identity. For instance, customers could login with their mobile phone numbers and an OTP sent on that number. Or authentication on the basis of an OTP to a customer’s email address. The possibilities are endless. In an ideal scenario, BYOID shouldn’t just allow portability of identities but also allow make the user experience seamless.

Why would BYOID be Preferred by Customers?

In a highly crowded digital ecosystem, companies shouldn’t just think about customer experience from their perspective but take into account the spillover effect of other websites or apps during a particular period of time. For instance, if a prospect has signed into a work email account, a personal email account, an internet banking account and another general website right before reaching your website, he or she might be fatigued with authentication. The customer may no longer be inclined to sign in. Businesses must estimate the entire journey a customer takes up in a period of time to ensure that they don’t become victims of bad identity management by other companies. The solution is to ensure that your customer experience is a notch above others.

The key to a good customer experience is making customers type as less as possible. Just clicks should get them through the entire funnel. Traditional authentication methods don’t recognize this while BYOID methods like phone or email authentication do which exactly is why customers prefer them. Other BYOID methods could include fingerprint or iris based authentication.

What’s in BYOID for Businesses?

The only way for businesses is the way that works for customers. And BYOID works for customers because they don’t want to remember multiple username-password combinations. They don’t want rigid and opaque identity management systems. In the future, they probably wouldn’t even want to remember which social account they used to sign in to a particular website. It is imperative for businesses to adopt BYOID initiatives if they don’t want to lose their customers. In fact, some of the BYOID mechanisms improve security drastically since they have two factor authentication systems embedded within. Customers of this day want extremely high levels of ease, high security, privacy and transparency. BYOID is the only way customers can be satisfied.  
In the end, there is no gold standard for identity management because the Web is an open world. There is no identity giving out standard identities. That said, progress in the identity management sector will depend on how well identities are standardized. And BYOID can definitely help in that process.

Related Posts