The internet grew without an identity layer, meaning it grew without a reliable way of knowing or verifying who you were connecting to. In the early days of the web, its users accounted for a relatively small group of scientists who all knew each other and who had access via technology that was not widely available. Verifying the identities of web users is fairly simple in a closed group. However, as the number of internet participants rapidly exploded over the following decades, with millions of strangers connecting to strangers, no identity layer was implemented. Unfortunately, today we have been left with a version of the internet with broken authentication and identity verification practices.
The State of User Authentication
As a user, you have logins and passwords stored on sites across the web. Each platform requires users to have unique login credentials that they store server-side, which creates identity siloes. This also means that users have to engage in a “shared secrets” paradigm, where they trust services to securely store these credentials. Unfortunately, services don’t have a great track record of doing so: currently, 61% of all data breaches involve stolen or hacked credentials.
In an effort to improve the security of individuals’ credential management, people are being asked to follow complex password requirements, have unique passwords across platforms, and be vigilant about sharing information online, all while still having to trust platforms to securely store their data.
Yet the problem isn’t in how “crafty” your passwords are or aren’t; the issue lies in the architecture behind password storage and authentication. Since the current model is siloed, passwords, social security numbers, and other identifying attributes are stored on the server-side of the organization you are connecting with. These attributes have no business sitting on corporate or government servers and should originate from the users themselves.
There should be no main repository of data for malicious actors to plunder from— decentralizing the traditional siloed model. Corporations have been working to better mitigate security risks for individual users/workers/vendors/etc. So far, the consensus is to start planning for a architecture. The only problem is that big business is still only in the planning phase.
But the innovative team at is already three steps ahead. NuID is taking the zero trust security framework from the concept stage and putting it into individual user’s hands with their Nu Identity Ecosystem.
Digging into the Nu Identity Ecosystem
NuID was founded to improve the siloed, shared secrets authentication approach we have today. They have already built and brought to market a trustless authentication API using a to stop enterprises from storing user login credentials server-side. When a service deploys the authentication solution, passwords never leave the user’s device, meaning they don’t have to trust anyone with them, including NuID.
Yet this still leaves consumers relying on the online organizations they participate in to use technology like NuID. Now, NuID aims to empower individuals with a new paradigm of digital identity through trustless authentication for services and a portable, device-agnostic identity model for users.
Individuals will represent their identities with their zero-knowledge authentication credentials, stored on a public blockchain, and services will deploy the NuID trustless authentication solution. The reciprocity between individuals and services will grow a robust Nu Identity Ecosystem which will make the internet more secure and return data ownership to individuals.
In other words, the Nu Identity Ecosystem will remove control of individual data from corporations, governments, and other organizations and put it in the hands of the individual. The decentralized identity ecosystem will provide the missing identity layer to the internet, especially important as we move into the web3 future. NuID’s user-friendly interface to cryptography will give consumers the security and benefits of Public Key Cryptography whether they are rolling a 401K to a new custodian or transferring education transcripts from one school to another.
So how could this work? During registration, a user’s device is used to generate “public reference parameters” from the user’s authentication secret, such as a password or biometric. These parameters are non-sensitive and can be shared openly, much like a public key. The reference parameters are immutably stored on a distributed ledger. NuID is building upon their existing method of generating reference parameters for authentication secrets to include other types of identifying information one might share online. With new information registered, NuID’s protocol will recognize a novel official identification credential, and a record of authentication is appended to the public ledger.
The immutability of the blockchain and the format of these credentials lends itself to an environment in which users are in ultimate control of their credentials, whether they are login related, educational, payment related, or healthcare oriented.
The Nu Identity Ecosystem will give individuals power and peace of mind when it comes to sharing information online by making transactions and information sharing painless, without having to trust a third party. Be on the lookout for announcements about the end of today’s fragmented and centralized identity paradigm through development of the NuID Identity Ecosystem on , and on r and .