We are all familiar with the use of shared secrets for establishing our identity when we do business online or over the phone. These secrets are things like account numbers, our mother’s maiden name or a dollar amount from a recent statement.
Shared secrets are very useful because they significantly reduce the chances that an imposter can gain access to our information by guessing the information being requested. Shared secrets are also used when digital credentials are first established, and this is an area of significant interest in the public sector where potentially millions of users need to be efficiently enrolled into government services.
Further, both quantity and quality matter. As governments strive to move more services online, the question of ‘who is at the end of the wire’ takes on more and more significance. When digital credentials are being used to access confidential data, the impact of improperly identifying an individual can be catastrophic for both the public authority and the individual.
- A single shared secret on its own makes a poor choice for identifying an individual. In almost all cases, even those where non-confidential or low-value transactions are taking place, multiple shared secrets are needed to ensure appropriate identity assurance is carried out.
- The quality of the shared secret is also critically important. Using a secret that is relatively easy to obtain — e.g. a professional certification number that is displayed on a certificate in the individual’s outer office — is of less value in identity assurance than a secret that is known only to the user.
The best identity assurance schemes are therefore those that use multiple strong shared secrets — information that only the user would generally have access to and information that, typically, is not known by others.
This last point is somewhat critical. Sharing of confidential information in a household is very common: spouses open each other’s mail; report cards and bank account statements are left in plain view; and personal details such as birthdates are commonly known throughout the household.
A well-constructed identity assurance process must therefore also consider the degree to which shared secrets are known amoung a household, workplace or other group of individuals.
Fortunately government organizations have a wealth of citizen information in their databases. These stores of shared secrets allows a government system to select from a range of options when validating user identity.
An effective enrolment solution depends on carefully analyzing the strength and appropriate combination of multiple secrets in order to select the best ones for e-government applications.