It's hard to believe: every person has about 70 digital identities on average. Computers can use them to uniquely identify people. If real people want to interact in the digital world, they therefore need digital identities.
We all use digital identities every day without being aware of it.
It sounds like the science fiction epic “Matrix”, but it is actually commonplace. People, but also devices, have electronic or digital identities (eIDs) in order to participate in processes on the internet. This is the only way to uniquely identify persons or objects in data form. The digital identity of a person can be determined, for example, by a user name and the corresponding password. In addition, smart cards or biometric data such as fingerprints or facial characteristics can be used.
Depending on which features and attributes are stored to determine identity, eIDs have a low (username and password) or high (surname, first name, date of birth, fingerprint, etc.) level of security.
Machines also have digital identities, because they can also be clearly distinguished from each other on the basis of different characteristics. In addition, digital proofs such as the electronic identity card or service cards as well as confirmations (e.g. Covid vaccination certificates) are among the eIDs.
Why do we need eIDs?
eIDs are fundamental elements of electronic communication. If you want to post a message on social media or order something in an online shop, you have to log in to your user profile with your credentials and thereby confirm your digital identity.
This also applies to devices. From smartwatches to machines on large production lines, devices have their own eIDs. Especially in digitally networked production (Industrie 4.0) and the Industrial Internet of Things (IIoT), they are the basis for secure communication. Many machines communicate directly with each other in production processes or with systems for resource planning, maintenance or warehousing. This is made possible because authorisation for task distribution and access is controlled via the digital identities of the machines.
Why is the protection of eIDs so important?
If unauthorised persons come into possession of a digital personal identity, they gain access to personal data. They can modify or duplicate the identity without permission in order to use it for their own purposes.
Stolen machine identities provide gateways for cybercriminals. They can use them to penetrate the company network and bring all computer-controlled processes to a standstill.
How do you protect digital identities?
To protect eIDs from theft or manipulation, the following measures can be taken, amongst others:
- Keep access data and identification features particularly secure. Use cryptographic keys and digital certificates for this purpose.
- Provide users only with the minimum necessary authorisations and set up guidelines for password assignment.
- Closely monitor machine identities so that irregularities are noticed immediately.
- Always apply updates promptly to close security gaps.
- Automate the management of digital identities in the company. This way you can keep track of the growing number of identities and react to changes or deviations at any time.