- 1 Have you ever heard about digital identity?
- 1.1 Digital identity, what is it
- 1.2 Italian electronic identity card
- 1.3 How the system works: protection of data
- 1.4 Digital Identity’s Public System – SPID: P.A. and privates
- 1.5 How to protect yourself
Have you ever heard about digital identity?
Probably, yes, but you just have a general idea of what the digital identity is, basically.
If in the past, the digital identity was different from the one in the real life and the anonymity was the rule, things have changed now, because someone could have more than just one identity and not linked to each other.
Thanks to platforms like Facebook and Google, and to their control and transparency politics, indeed, the idea of authenticity is getting more and more popular.
Digital and real identities are increasingly linked: the profiles that are believed to be fake get removed and the web interactions are interconnected, in order to create a big single profile.
Let’s try to find out in more detail what we’re talking about, what is their use for privates and companies, and how important the related info and data protection is.
Digital identity, what is it
Let’s start saying that the digital identity is that set of information and resources that a digital system provides to its users behind an identification process.
It’s about the general information related to a certain user on the web, whether if it’s a physical person, a company, institution or even a brand.
The level of reliability and the quantity of required information change based on the type of transaction needed: the more complex is the transaction, the more complete the digital identity has to be.
In addition, the aspects related to the privacy that are not relevant to the transaction we’re talking about, have to be preserved.
The digital identity is composed by two parts:
• the identity itself, which means the identification of the subject;
• the attributes of the identity, which are the details of the subject, that can change a lot and have many different applications.
An identity that could be considered complete is complex and has both legal and technical implications, even though an ID or a username and a password is usually more frequently used for the identification, also called authentication credentials.
The system, through which we prove that the digital identity really matches the one of the subject, is called authentication process.
The advice is to resort to a number of factors, or multifactorial, authentication instead of the one with just a factor.
In the last case, indeed, we deal with just username and password, so it’s a less safe system, while in case of multifactorial authentication, there’s a higher level of security, because it happens through many systems, like with a physical security key, a smart card or a magnetic card plus a password.
We can further increase the reliability of the authentication if we add biometric information, such as digital fingerprint, vocal or facial or iris recognition.
Italian electronic identity card
Nowadays, the tools for authentication provided by the Digital Administration Regulations to access to the websites of the Public administrations are the Italian electronic Identity Card and the National services card.
Til the end of 2007, alternative modalities were allowed as well, but just on a transitional basis and until the thorough adjustment of the system to the legislation.
Now, the co, of the art.64 of the Digital Administration Regulations provides that the Public Administrations can allow to access to their web services that require the digital identification with tools different from the two cards, on condition that these permit to individuate the user that requests the service.
It’s been activated SPID, which means the Digital Identity’s Public System, through which it’ll be possible accessing with a single system of details to every online systems of the Public Administration.
How the system works: protection of data
Once the identities are confirmed, usually you get the authorization to use it, while in other cases, the access control can permit or deny the access to private information, or to permit the access to paid for services or products.
The system has to be capable of guaranteeing the safety of the information related to the identity, avoiding that third parties might tap them.
Moreover, it’s important that the data are kept intact during the transmission, in a way that the forwarded document by the digital identity is the same that arrives to destination, without it being damaged.
To do so, we use encryption techniques with private and public key, and the digital signature, through the technology that is called Public Key Infrastructure (PKI).
This system is used as well for guaranteeing the proof of the source, functional to the integrity of the data, in order to demonstrate what specific identity has signed and transmitted the data.
Digital Identity’s Public System – SPID: P.A. and privates
As we’ve already mentioned, SPID is the Digital Identity’s Public System that allows the citizens to access safely to the online services of the Public Administrations and the privates that join.
From November 2019, more than 5 millions of SPID digital identities have been released.
The Public Administrations have to make accessible online their services through SPID, and this can be done freely also by companies and privates, in order to simplify the use of their digital services.
SPID and UE
From September 2019, SPID digital identity can be used as well to access to the online services of every UE’s Public Administration.
Periodically, the European Commission publishes in the GUUE the list of the authentication tools, notified by the member States.
Nowadays, because of the technology and the internet evolution, the spread and the sharing of personal data online have increased , and with them, the identity theft phenomenon as well.
This easily happens on the social medias with the creation of fake accounts made by third parties, especially when the personal details are not very well protected by the users.
The identity theft happens when they take the access details, making phishing or acquiring information and personal data, in order to replace the victim and access to the digital systems.
How to protect yourself
Always keeping your eyes open is important and it will allow you not to fall into the “traps”, scattered all over the web, and to prevent potential damages due to identity thefts.
Here, there are some advice.
Avoid public Wi-Fi connections
The public Wi-Fi connections are very useful, but also less safe, therefore, we suggest you not to use them to connect to online stores or home banking sites.
This way, you’ll avoid that some hacker could intrude into your navigation and gather important information, such as IDs and passwords.
Prefer a safe proxy server or a VPN, which guarantee a greater privacy for your online activities.
Upload periodically softwares and apps
The uploads are intended to solve potential bugs and to reduce the vulnerability of programs and apps.
The best choice is to set the uploads as automatic.
Be careful with suspected e-mails
Better safe than sorry is a motto that’s worth it, especially when talking about e-mails.
The most typical case is the phishing phenomenon, through which the hackers pretend to be companies, services or trusted people, maybe using their own email.
The aim of the message is to push you to give information and personal data, sometimes leading you towards a fake login page, or making you download a file, that it’ll turn out to be a malware.
Be careful when communicating your email address
In many cases, opening many online accounts exposes you to the necessity of inserting an e-mail address, even though it’s not really necessary.
The advice is not to create accounts unless it is explicitly required, or to create a secondary email address for the sites that ask for it in order to sign up, so not to expose your main one to risks.
Use complex passwords for every account
Using the same password for more than one account is the most efficient and fastest system to give access to your digital identity: choose a different password for each site you’re signing up.
Moreover, avoid lame and predictable passwords.
They’ll be more hard to remember, but you’ll gain in terms of safety, and you’ll make at least difficult for the hackers to do their job.
If it scares you, you can always try with the Manage Password system!