From DigiByte Wiki
Jump to navigation Jump to search

What is Digi-ID?

Digi-ID is a security protocol built on DigiByte blockchain technology that empowers users to effortlessly sign-in to websites, applications, and even into the internet of things – building entrances, for example.

Digi-ID eliminates the often frustrating username and password requirements for authentication. With DigiID, the hassle of keeping track of various usernames and passwords is a thing of the past. Digi-ID works by automatically generating a unique Digibyte address for each site, application, or product for which a user needs authentication. Because Digi-ID uses public / private key cryptography, there are no passwords or usernames at risk. This method not only protects the consumer, it also protects the website or services that the consumer uses. Even with otherwise outstanding security, should a consumer re-use credentials from another vulnerable site, that consumer puts other users’ data at risk. Digi-ID eliminates all of these security issues.

Digi-ID does not collect or store any data about its users. This means there is no liability from using a third-party “identity” service, nor will the website or application inadvertently collect any data from a user unless the service explicitly asks for it. This further strengthens the security while also bolstering end-users’ confidence that their data is neither tracked nor at risk by others’ negligence. With Digi-ID, there are no central servers storing personal information. Through true decentralization, there is not external point of failure for a hacker to target to exploit your platform. Further, because Digi-ID does not save any data to the blockchain, none of a user’s data is at risk of being hacked or stolen.

Digi-ID is completely free; there are no fees, subscription services, or maintenance costs. There is no advertising or tracking. Digi-ID’s cost is its second best feature. Its primary feature is that, in accordance with DigiByte’s security prioritization, Digi-ID is a more secure, yet simple method available to log in to websites, applications, and products. Digi-ID is so versatile, it can be used to secure the front door to your house. Since it is built on DigiByte blockchain technology, Digi-ID is anonymous and allows for unlimited scalability while promoting GDPR compliance.

How difficult is it to integrate Digi-ID?

It’s easy. Digi-ID is easily integrated into an existing authentication system. Even if a company wanted to retain the traditional username and password authentication methods, Digi-ID would provide an optimal, more secure login. Examples of such custom integrations can be found here: https://digi-id.io. More examples are available on GitHub. Where a plugin is being used – WordPress for example – integration only takes a few minutes. There are big benefits – in addition to increased security and improved user experience – for the first companies to implement Digi-ID. The DigiByte community is an expanding, diverse, worldwide community. Companies who support DigiByte by integrating Digi-ID will receive support from the growing DigiByte community. The DigiByte community is active on Twitter, Reddit, and other forms of social media. The community enthusiastically promotes companies who integrate DigiByte’s technology. Being one of the first companies to use Digi-ID for login security would create an industry-wide change that will shift the security paradigm. Implementation of this improved security protocol will likely be picked up by traditional news services. No amount of paid advertising will match the buzz of this word-of-mouth, social media, and cutting-edge-of-technology media blitz. The pioneering websites and companies will gain tremendous notoriety and become the model others will emulate

Why is Digi-ID better than Two-Factor Authentication?

Two-factor authentication (2FA) has seen a rapid rise in popularity over the last few years. So, too has malicious actors’ creativity in overcoming the 2FA security protocol. The most common means is by subverting the widely-accepted-yet vunerable SMS-2FA security message. A thief can easily use stolen personal information to contact your mobile phone service carrier and move your telephone number to a new SIM card. More sophisticated thieves can intercept the SMS security message using SS7 technology from the 1970s. Digi-ID removes the cellphone number as a requirement for authentication, thereby eliminating these most common tactics to breach your security. Timed one-time passwords (TOTP) such as Google Authenticator or RSA SecurID-based key-fobs are not immune to security breaches. We’ve seen Google no longer use them due to the limited hindrance they provide an attacker. These methods also diminish the user experience. Conversely, Digi-ID’s simple method streamlines the user experience and markedly increases security.

Would Digi-ID have prevented the biggest security breach in Facebook’s history?

Yes. Digi-ID creates a unique identity for each website and service that a user accesses. The identity supplied with a Digi-ID authentication request contains no personal data. With no personal data being shared between websites using Facebook’s authentication application program, there is no chance for a data theft of a user’s information. Moreover, when a user signs into a website or application, she only authenticates with that login directly. No data goes via any third-party. This third-party data transfer was the source and cause of the recent Facebook breach. Further, if there was a breach to the application or website where the Digi-ID system is used, the impact of the website’s security breach would be minimal, since no data supplied with Digi-ID can be re-used elsewhere on the internet.

Digi-ID external links

Digi-ID explanation video

Digi-ID Website

Digi-ID Integration

Supported Websites