Digital

Blog

European Commission Digital

"Bring Your Own Identity” – Private sector approaches to eID

©Adobe Stock

“Bring Your Own Identity” (BYOI) is a growing trend in the world of digital identification. It involves the re-use of a single digital identity to gain access to a range of different online services from either the public or private sector. Public sector eID schemes, for example Chave Móvel Digital in Portugal, or the German eID scheme, are one form of BYOI. However, a growing number of private sector organisations are also providing BYOI solutions for their users.

The recently published paper “Bring Your Own Identity - Business trends for eID" provides an overview of the approaches taken by these private sector BYOI providers, with the aim of also understanding what lessons might be drawn from them for public sector approaches to digital identity.

Origins of “Bring Your Own Identity”

The origins of “Bring Your Own Identity” can be found in the proliferation of digital services requiring different passwords to access them.  Many users have grown tired of the need to remember and manage these multiple passwords and identification procedures. In response, a range of different identification options have been developed by companies to provide a secure, user-friendly way to prove who you are. These solutions are reusable across services from retail, to banking, to entertainment. Also fueling the growth of BYOI has been the emergence of the big internet platforms – companies with large user bases with individual accounts which can be re-used for identification purposes.

Social media companies in particular are vying to provide BYOI solutions, but they are not alone.  Financial institutions and banks have a strong position in this market as well. Having developed strong identification solutions so that users can access their online banking offerings, they have in many cases moved sideways to offer identification solutions for other online services. Meanwhile mobile network operators are providing altered SIM cards to their customers which enable mobile identification solutions. Finally, a new set of dedicated digital identity companies and digital identity networks have sprung up, not necessarily drawing on any pre-existing user base but providing a secure and straightforward means of identification.

A closer look at social login

Social login is the name given to the identification and login solutions provided by social media companies. These solutions tend to rank high in terms of user convenience and experience, as users are typically able to create accounts with just a few clicks and re-use them across a range of other services. However, they rank relatively low in terms of the level of trust and assurance they provide. These accounts typically have no identity proofing phase where users prove who they are, and typically they are just password-protected rather than involving, for example,  two-factor authentication. As such they are not suitable for more sensitive situations where it is vital to verify who the user really is.

Just six big internet platforms dominate social login, accounting for 87% of the social login market: Facebook, Google Sign-In, Instagram, LinkedIn, Twitter, and Amazon. Among these, Facebook and Google  are in the driving seat, preferred by 41% and 35% of European users, respectively.

Lessons for public eID schemes

Public eID schemes are normally provided by governments so that citizens have a secure way to access online services. It may also be possible to use them to access private services, but this is less common. The BYOI solutions provided private organisations are more commonly used in the private sector, however in some countries we have seen their successful adoption for online public services. With the BYOI trend only strengthening, more national governments may start to consider how they can draw upon and use these private digital identity solutions. Likewise, with the European Commission currently considering a proposal for an EU digital ID scheme, it too may want to consider how this could relate to BYOI solutions. There are three main approaches that public administrations could take:

  1. Assess whether there are approaches they could adopt from the private sector, particularly in terms of usability, without compromising security and the level of assurance provided;
  2. Consider whether certain private BYOI solutions could be used directly to access online public services. This approach has already been taken, for example in the case of BankID in Sweden or ITSME in Belgium;
  3. Decide whether BYOI solutions could be used in a complementary manner together with Government eID schemes. For example, a social media account linked to a Government eID to create a social login solution where there is a higher level of assurance that the user is who they say they are.

Whether or not these strategies are pursued, it seems that BYOI identities are here to stay. Government providers of digital identity solutions will have to grapple with the drivers and context that led to their adoption. Whether through competition, or collaboration, they will have to find a way to coexist with the BYOI trend and the private solution providers linked to it.


CEF eID provides services enabling national eID schemes to be used across the EU. Private and public stakeholders can browse the CEF eID web pages to learn more about the mutual recognition of national eID schemes across the EU and how they can be used as an alternative to or in addition to the BYOI solutions describe above.