Authenticate 2022: How Web 3.0 Will Reshape Authentication

All right. Hello everybody. This is Michael Cichon, Chief Marketing Officer at 1Kosmos. I’m here today with Robert MacDonald, our VP of Product Marketing. Robert, you recently went to the FIDO Authenticate conference. I want to chat with you about that. How was the event?

It was great. It was very well attended. It was in Seattle, so got a chance to go out west and attend the event. About 500 people or so. Very well organized, lots of really good presentations and met a lot of really good people while I was there.

Awesome. Well, let’s take a half step backwards. I’m familiar with FIDO and you probably are, but for folks who are not familiar with the FIDO Alliance, can you talk about what it is?

Sure. FIDO Alliance, it stands for Fast Identity Online. They’re a consortium that works at delivering a passwordless experience primarily for consumers. There is a workforce integration with them as well, but they’re trying to get customers secure access to things online is really their focus.

Okay, and step away from passwords. That makes a lot of sense.

That’s right.

Your presentation was interesting. The title was what? Web 3.0? What was the title of your session?

Yeah, it was How Web 3.0 Will Reshape Authentication was the presentation. Funny enough, like I said earlier, there was lots of presentations. Every presentation that I sat in on talked about passwords and talked about the timeline of passwords that the industry has gone through and how FIDO is going to help reshape that, which aligned very well into what my presentation got into.

Okay. All right, so let’s take this one step a time. Web 3.0. Just set the baseline. What is Web 3.0 or Web three?

Yeah, it’s known as either of those things and it’s the next iteration of what the web is going to look like. Web one, back when you and I were less gray Michael, was static read only webpages. That was kind of 1900’s into the 2000’s. Then Web two came along, which is kind of what we’re really used to these days. That had a centralized information centric content way about it. That’s your Facebook’s, your LinkedIn’s, YouTube, TikTok, all those kinds of things. Now, Web three is the next iteration of how the web is going to work and that promises more user-centric, decentralized, secure, and funny enough, private engagement online. Now we know that privacy in general online is a bit of an issue as it stands currently, but all of that’s going to change with Web three.

Okay. All right, so how does Web three affect the future of authentication?

Yes, that’s a good question. There’s a couple of things. From an authentication standpoint, what’s going to happen is that people are going to be more identifiable online. What I mean by that is that we’re going to have known identities as we’re engaging with people online. There’s going to be steps or processes involved where people will have a digital wallet and that digital wallet will hold their identity. That identity in that digital wallet will be used to authenticate people as we go forward in this new world.

Let’s just be clear about something here. The web is still a place where people can behave anonymously. I mean, kind of like walking through a crowded stadium. You’re not declaring yourself to everybody you pass by, but in certain instances, people want to declare their identity when they access their bank account, for example. They don’t want other folks declaring an identity that will give them access to that.

That’s right.

You’re talking about the digital identity for authentication or for logging in, correct?

That’s right. The digital identification for logging in and also just knowing who somebody is. If you look at the way in which identity is managed online now, all of these organizations own your identity. Facebook has an identity of you, Google has one, your bank has one, the government has one. Anywhere you’ve put in a username and password to some degree has a version of your identity, whatever that might be. That’s why you can log into things with your Facebook account or your Google account or your LinkedIn account as example, but they own your identity there and they monetize it in a lot of cases. That’s where the privacy concerns kind of come into play.

What’s going to happen now is that you are going to then own that identity and you’re going to choose to allow maybe Facebook or Google or somebody else to have access to it when you are authenticating. Instead of using the identity they’ve given you to log in, you’ll use your identity to log in where they’ve added, how would I say that? A debit card into your wallet. When you use your debit card to log into an ATM, that’s your identity to get that money out so they would put something into your wallet for you to be able to authenticate with your identity. Does that make sense?

Well, kind of, but we use the word identity a lot and I’m wondering why do I need an identity? I had passwords before. I’ll just use a biometric. Why do I need an identity?

Yeah, so I mean, identity, the way it stands now, it’s proof of possession. You have a username or yeah, proof of possession. You have something you know, you know the username and the password. Maybe you might get a one time password that goes along with that, but at the end of the day, it doesn’t really prove who you are when you authenticate into something.

What Web three is promising is that every time you now authenticate, I know that it’s Michael. It’s not somebody else using Michael’s username and password, it can only be Michael and I don’t want to say the seismic shift, but that’s the significant shift in all of this. It can only be the owner of that wallet which is cryptographically locked down. It has private and public. We won’t get into the background behind all of it, but at the end of the day, it can only be that person that owns the wallet that can authenticate and that’s really the big shift.

Okay, so if it’s a biometric, then it’s tied to the person or to the identity, so to speak I guess.

That’s correct. Absolutely, yep, that’s exactly right.

Well, did you have a chance to sit in on other presentations at the event?

I did. I got a chance to see a couple. I got a chance to see a bunch of them actually. It’s funny, almost every presentation had some sort of, I mentioned earlier a timeline of passwords and how passwords have been used over time and what we’ve done to try to mask or secure that password because as I mentioned earlier, all a password does is just it’s a proof that you know the password, it’s not a proof of who you actually are. The way in which that discussion was formulated was kind of fun to watch, especially based on what we do here at 1Kosmos. Everybody kind of started with that and where the future of FIDO and this identification online is going is exactly in our wheelhouse here at 1Kosmos.

Okay. Well, I mean the password has worked for 60 some years.

60 years. Yeah, absolutely, 60 years.

When you start to have 100, 150, 200 of these things, a little bit unwildly to private and-

That was, not to interrupt you, but that was an interesting stat. There was, a CISO got on stage and said on average people have 140 credentials for digital assets that they need access to. Whether that be things that you do at work, things that you do in your personal life, all of the different apps you have on your phone that require a username and password, all the websites that you want to have access to, all the things you have access to at work. There’s a lot of credentials out there that really don’t prove identity of anybody at all.

Okay, well, what were maybe one or two of the top questions that you were being asked when you were running through your Web 3.0 Presentation?

Yeah, the one question I got asked was how does that wallet transfer itself as we go through different use cases? That was a great question. Specifically workforce and customer. How does that, is there two or do you just use the one? The reply to that is just like your wallet that you carry around in your pocket, it’s used the same way.

When you go and start at a new job, they’re going to ask for your identification so you can share that identification with a new employer to fill out your I9, I think you guys have in the US. We have similar things here in Canada as well, but you’re going to use that digital wallet for that. You’re also going to use it for when you go to apply for a new mortgage or a new loan for a car or just trying to get access to government services. That wallet’s going to be the digital format of what you use today in a real life format.

Isn’t Apple doing things with a wallet?

Yeah, so there’s lots of talk around the new passkey which is coming. Which is Google’s and Microsoft’s and Apple’s version of this kind of digital identity wallet. There’s lots of discussion around that. It’s still really early on. You’re going to have a public and private key that you can identify yourself in the Apple environment or the Google environment or the Microsoft environment. The issue as it stands right now because it’s so early on, is that that’s not interoperable. There’s a bit of a hurdle there where it works within their own ecosystem, but as soon as you step outside of that, well now I need new wallets again. That kind of defeats the purpose. That’s still early on.

Okay. Was there any talk about the [inaudible 00:11:06] standards at all?

Yeah, there was. Being able to prove identity with a high assurance, there was some discussion around that and how organizations are going to go about trying to implement that in a digital first environment. Again, still early on from a FIDO perspective in terms of how they’re going to integrate with that. We know here at 1Kosmos, we have certified ways of doing that right out of the gate.

By the looks of it, Michael, everybody’s starting to turn in that direction, but they’re still trying to figure out how it’s going to work, even though we already have a solution that will more than get people there. That’s why I had such a high, I did have a very high turnout for my talk, just as an aside, which was great. A lot of people came to listen to a marketing guy talk which was pretty surprising. At the end of the day, there were a lot of questions afterwards around how do I verify identity and what’s that process look like and how are you going to store the identities and things along those lines.

Okay. Well, we’re going to put that presentation on our website here with a full transcript shortly. I know FIDO has been at this for quite a while, at least 10 years or so, evolving along this journey. I’m sure we’ll be participating next year.

We will be.

Looking forward to that.

Yeah, thanks for having me today. It was a great presentation. Lots of great feedback on it and go check it out on our website.

That’s awesome. I heard great things about it, Robert, good job.

Thanks, appreciate it.

Thanks a lot and have a good rest of your day.