The current methods for identifying people and the current sets of “identity documents” are old (pre-internet) and static (e.g. SSN and birth certificates don’t change) and are not working. With advances in both technology and our understanding of the identity ecosystem, exciting new forms of identification are possible – these include methods from the four principle domains of identity:
- What you are (biometrics)
- What you have (tokens, two-factor authentication)
- What you know (advanced KBA)
- What you do (keystroke recognition, shopping patterns, geolocation patterns)
Are there other categories of PII?
Which of these approaches will provide the most security, convenience, scalability and ease of implementation?
How can we create tools for enrolling and authenticating identities that are more durable and reliable, yet at the same time less valuable to criminals?