In the decade-spanning conflict between the need for online privacy and efforts to stop fake accounts from accessing sensitive info, the tech monolith that is Microsoft is putting its massive weight behind the creation of standardized online identities.
In its announcement Tuesday, Microsoft talked up its Entra management systems that includes Verified ID, promoting itself as a quick way of giving sensitive identification to entities that need to verify that you are who you say you are.
In its release, the company said that old means of restricting electronic access was “no longer sustainable” because of how digital estates have become “boundary-less.” What that really means is people abusing fake accounts to gain access to sensitive online networks have created a host of issues for private companies, governments and more. Microsoft itself has been targeted by hackers who managed to access company information on Microsoft’s Azure cloud computing platform. The LAPSUS$ group of hackers has previously called on tech company employees to give them sensitive info.
In at least a few of these cases, hackers were able to gain access to sensitive networks by using stolen account details to log in. Recently, reports showed hackers were able to gain user data from tech companies by posing as law enforcement officials.
Instead of having personal information spread across a host of apps and services, this Verified ID system acts as a kind of digital wallet or personal info portfolio that can be handed over to employers, bankers, or whoever needs a verified identification. Ankur Patel, Microsoft’s principal programmer for digital identity, told Protocol the new system could include college diplomas, bank notes, or even doctors’ notes for a clean bill of health. Those who create and issue verified IDs can also suspend or invalidate credentials after they’re issued.
The new system, which will be available in early August, wants to be useful to companies, governments, or any system that requires identification. Users are able to pick and choose what ID goes into their digital account. Microsoft said entities that require documentation could verify a person “in less than a second.”
It’s true that having personal ID spread all throughout the internet has led to no small amount of trouble, but one thing the tech giant hasn’t clearly explained is its own system’s security. The company said Verified ID is based on “decentralized identity standards,” but has not revealed too much on how its system will make sure bad actors won’t easily gain access to individual user’s digital identity wallet.
Part of this Entra system is Azure, which as noted before has been subject to hacks. The system advertises it uses multi factor authorization, location and device confirmation along with automated systems to detect security threats. Microsoft has been gobbling up security companies in the five years the company has apparently been working on Entra, citing their integration with services like Azure.
Social media companies have normalized the idea behind verified accounts, which require users to give those companies physical identification to prove who they are. Though this system has also proved to be full of holes in the recent past, allowing hackers to walk away with user’s personal information. And of course, that’s all before a company like Twitter “accidentally” hands over that personal information to advertisers. Just last week, Twitter was forced to pay $150 million to the Federal Trade Commission for handing verified user data over to marketers for the purpose of targeted advertising.
This latest announcement seems to be a part of a bigger push among big tech to consolidate user identity not just across different sites and apps, but across devices as well.