Managing identity for Web 3.0, the metaverse and beyond
The existing KYC requirements for payment and financial institutions necessitate verifying identity, but eroded trust with consumers from large digital platforms make it that much less likely that a consumer will volunteer personal information during the authentication process. Additionally, problematic one-to-one relationships for consumers haven’t kept pace with behavior and technology, creating more frustration for users who need better and more seamless authentication experiences.
How can we contextualize these challenges while addressing the real need for both privacy (on the consumer side) and user verification for the enterprise?
The end of the road for one-to-one user verification systems
In the earliest days of the pioneering dot.com space, users were forgiving. Website interaction and ecommerce were treated like novel experiences. Consumers adopted digital, and very flat, web experiences mostly as a complement to existing in-person services. Digital banking, for example, was a real-time alternative to a paper monthly statement.
In the early aughts, those same consumers were satisfied with digital spaces that were addendums or “nice-to-have” features that complemented the analog world. The onboarding process for those complementary digital realms likely already took place in person. If you were logging into a bank account, you likely already opened that account at a bank branch in person, and so on.
The onboarding process that exists today is somewhat of an artifact from the analog era. In the two-plus decades since, digital natives never enter bank branches—they open credit cards online exclusively, and abandon onboarding and account creation when it’s too onerous.
The problem is, the one-to-one (one login or authentication per each service) relationship between consumer and vendor has mostly remained in-tact… and it’s one that largely favors the vendor. KYC processes can meet security needs, but digital natives and savvy internet users today are far less likely to share their personal data over and over again, due to the understandable concerns around personal data privacy and security.
The pressing realities of Web 3.0 are already here
A digital consumer today is asked to manage logins for hundreds of different online services from ecommerce, government services, financial institutions, entertainment apps, communication services, etc.
Additionally, a remote workforce is now utterly reliant on telecommuting apps (Slack, email, calendars, video teleconferences services). Those GenZ and Millennials workers will also:
- Complete all their hiring paperwork digitally
- Rely on mobile devices for more financial transactions and shopping
- Use digital wallets from major providers (Google, Apple)
- Be far less willing to provide government IDs for all online transactions due to privacy and security concerns
Employers may be asked to verify the identity of an employee they’ve never met in person. Today’s verification and security protocols aren’t sufficient to prevent identity theft, fraud, age verification, and so forth. There have always been limitations and frictions of an enterprise environment that’s been asked to sell us toilet paper as well as encrypt our username and passwords. Future identity platforms can satisfy privacy for user identity while also ensuring that digital platforms (and the physical realms they service, like an Uber or Airbnb) remain safe for all their customers and stakeholders.
The unique facets of Web 3.0 identities
The myriad applications of Web 3.0 are likely to illustrate the critical need for user-centric digital identity. Users will expect granular controls over how and when their information is shared. If Web 3.0 truly consumes all aspects and functions of our transactional existences (particularly from mobile devices), users will need to “unlock” different aspects of their identities depending on the use case.
Let’s go back to digital natives and Gen Z users. They will understandably not want to share the same aspects of their personal data and information to get a driver’s license than they will to set up a dating profile. They will want some of the information from the dating profile to be completely gated from a potential employer.
The current technologies often associated with Web 3.0 (like blockchain) to some extent make identity immutable. When key and unique identifiers can be associated with a user permanently, it could be that much easier to tie any online activity back to a specific user even when they anonymize themselves elsewhere.
Paradoxically, while Web 2.0 offered more friction, in many ways, it also offered far more anonymity. The enterprise space was willing to accept a mostly anonymous user and those users were largely patient when it came to keeping long lists of usernames and passwords on a hopefully encrypted (fingers crossed!) hard drive.
In the Web 2.0 space, the awkward handshake between providers and users went something like this: Users reluctantly accepted that their identities were worth money to large-scale Web 1.0 platforms that sold them to provide free services back to those users. Today’s digital natives are not so inclined to accept that relationship. As Web 3.0 evolves, all service providers have an opportunity to rethink the very nature of identity in a more user-centric way.
To get to that end game, stakeholders on the provider side will need to lean into open cooperation and collaboration for shared identity standards. Those standards will need to provide flexibility for users who understand that in some instances, more of their identity is required.