The Rising Importance of Identity Proofing

Learn why Top Industry Analysts consistently name Okta and Auth0 as the Identity Leader

Identity proofing uses biometrics, security questions, documents, and other information to verify one’s identity. Standard identity proofing questions you might be familiar with include the name of your first pet or your birthday. When this information is stolen, it means hackers not only have access to your details, but they can easily get details of other customers or patients from the company they hack into. This personally identifiable information (PII) can include payment details, date of birth, and social security number or driver’s license number, which can all be exploited for fraudulent transactions. Finding simple, effective, and secure methods for identity proofing is extremely important for modern organisations. Checking passports, drivers’ licenses, or other physical forms of ID on every login is not scalable. However, having that level of comfort in these safety measures is important.

Why identity proofing matters

Data breaches are, frustratingly, a common occurrence. Although research shows that fewer people were impacted by data breaches in 2021 compared to 2016, millions of people still have their personal information compromised by hackers on a routine basis. It still takes as long as six months for most data breaches to be detected. By then, all kinds of personal information can be bought and sold on the dark web. The regularity of data breaches shows how important it is for companies to take identity proofing seriously.

Definition of identity proofing

In short, identity proofing is the process in which a computer verifies that you are who you say you are, based on provided information. This may go beyond a simple login name and password. It is the equivalent of someone at the desk at the airport checking your identity documents before you get on an international flight. Your identity might seem like an obvious concept, but for institutions that use computer databases (which, nowadays, is all of them), your identity is a different set of information than what you believe your identity to be. To a computer database, your identity is a collection of records or attributes associated with that organisation. One single attribute, like your eye colour, is usually not enough to identify you against other individuals who are customers of an organisation. Proper identity proofing can require multiple pieces of evidence to prove a customer’s identity. Once that information is entered in the first stages of a customer’s lifecycle with a company, it should be easy enough to refer to those documents when the customer returns later. The National Institute of Standards and Technology’s (NIST) Special Publication 800-63-3, Digital Identity Guidelines states the importance of collecting and assessing more than one type of identification document or related biometric information to conclusively determine a new user’s identity. The changes to these standards have been instituted for many organisations, including signing up for bank accounts, educational institutions, o