Identity may be a difficult-to-define concept that has stumped philosophers for centuries. But when it comes to security offline or online, the topic boils down to evidence and proof. What determines that someone is who they claim to be? In the physical world, that question is generally answered by people providing various forms of identification—often, two forms of government-issued photo ID or other documents such as birth certificates and utility bills. Similarly, in the digital realm, identity is best proven when users present multiple “factors” to authenticate themselves. But it wasn't always this way. Digital identity, prior to the cloud The use of passwords to secure digital identity dates back at least to MIT’s Compatible Time-Sharing System, a project from the mid-1960s. The system had multiple terminals for multiple users, and each one needed access to their own private set of files. Administrators decided locking each individual account.