5 Things You Should Know About Factor
Federated Identity
Federated Identity allows users to authenticate an account from one website and to create an account and log in to a different site. This authentication will also share a number of attributes about this user, like unique identifiers (ie email address). Third-party tracking scripts have the capability to scoop up this information, without users knowing. They can then connect that person data to their public social media profile. That information can be used to track users across other websites and devices. If you want to avoid your data from being collected, be wary of using federated login.
Factor
Factor is a Decentralized Identity solution built on blockchain technology. Focused on privacy and control of users’ data. Factor is a decentralized identity service for applications and services. It deploys a decentralized authentication model, which allows users to own their data and control who has access to it. Using assertions from third party identity providers to corroborate a person’s claim of a real-world identity.
Factor offers individuals unprecedented control and visibility of access to their personal data by third party data processors. Factor helps build identity assurance by combining user authentication with a set of attributes as identity factors. This allows Factor to provide verification for business transactions, for example, certain transactions above a certain amount can only be conducted by a customer that has been verified through a Know Your Customer (KYC) service. Factor maintains a provably accurate and tamper-proof on-chain audit log to demonstrate compliance and accountability with regulations, enable users to manage preferences, and maintain detailed records of users’ consent.
Factor enables users to manage preferences with increased control and ownership over their data. All transaction payloads (e.g. personal information, biometrics, health information, etc.) are stripped and protected inside a trusted storage environment, never to be exposed to the blockchain consensus process. The user controls where their personal data is stored (e.g. cloud, decentralized storage systems, personal device, mobile, another privacy blockchain).
Factor is built with the principles of privacy by design, as well as a GDPR-capable blockchain solution that doesn’t expose personal identifiable information. This guarantees personal data stored inside will be protected, with respect to user consent. Dragonchain lets users understand what happens with their personal data to give them granular control over its management and use. Factor allows users to monetize identity services, authenticate or provide an identity service, all while protecting personal information from tracking. Factor enables organizations to map human real world processes related to regulatory compliance to demonstrate due care with privacy policies. Factor is able to provide proof of compliance for all technical requirements (e.g. the right to be forgotten, subject access requests, data retention).
Factor Roadmap Progress
OAuth Vs. Factor. OAuth is a protocol used by websites and developers to authorize data access from a third party system. This model relies on a central authority (OAuth providers, e.g.: Google, Facebook) which must be fully trusted to not give out data without your consent. Factor allows users to own their data and maintain privacy by providing an additional layer of abstraction between personal information and the system requesting it. We call this abstraction a Factor, and it’s stored on an immutable blockchain in a way that is verifiable, without exposing the data itself. Dragonchain does not own your information, you do. No one can access your data unless you explicitly give it to them.
Factor API
With the recent deployment of the Factor API, Factor is empowering individuals and businesses to take control of their data. As advancements in blockchain technology continue to develop at a rapid rate, so too do its applications and potential uses. Blockchain’s ability to decentralize, retain control over, and selectively share parts of data positions it as the future of digital identity management.
The need for digital identity solutions has been an ongoing pain point for businesses, and has become increasingly visible with data breaches in recent history. In 2013, nearly 3 billion Yahoo user accounts were exposed, making it the largest data hack in history. This year, it was discovered that Cambridge Analytica harvested over 50 million Facebook accounts without their consent. On November 30, 2018, Marriott hotels revealed that they too had experienced a data breach, and the information of up to 500 million guests’ may have been affected, making it the second largest data hack in history.
5 things you should know about Factor
1. Eliminate intermediaries - Forget Google and Facebook
Google and Facebook login relies on centralized or federated identity models to provide authentication across multiple systems. The sharing of data across multiple parties blurs security boundaries and potentially creates privacy concerns. Factor eliminates third-party identity providers, by using blockchain proofs as a trust root.
2. Too much information
If you use Facebook login, you're not only using Facebook to authenticate, you're giving all that user data back to Facebook – and Facebook's partners. With recent data scandals, privacy is a growing concern.
One way to improve privacy is to use data minimization. Data minimization refers to the practice of limiting the collection of personal information to that which is directly relevant and necessary to accomplish a specified purpose.
Factor enables identity providers to issue “factors” or identity-claims to the users. These factors are a cryptographically verifiable credential that proves an individual has a drivers licenses, background check, or is of a certain age. With Factor users control and own their data, sharing only the information necessary, and no more.
3. Addressing GDPR compliance
It’s important to understand when deploying blockchain it can create unique GDPR challenges. It is sometimes misunderstood that “Blockchain's immutability is in conflict with the GDPR's right to be forgotten policy.” In fact, decentralized identity can be used to eliminate large stores of personal data. When personal data needs to be stored in can be linked on-chain but stored off-chain. Dragonchain can be used to automate the tracking and management of consent, including SAR and requests to be forgotten.
4. Phone numbers and social security numbers were never meant to be an identity
Using phone numbers or social security numbers for logins has grown in popularity. It's simple, it's convenient and it's secure. But phone numbers or social security numbers were never designed to be a universal identifier or a piece of data that links together your entire online life. It is being used as a way to target advertising. And there's no way to opt-out.
Factor can replace identifiers such as a phone number or email address. Factor can improve privacy, and preserve anonymity and pseudonymity.
5. Factor is the foundation for identity-based services
Factor gives users control of their personal data. Factor is an integrated solution that offers authentication, access control, and user policy enforcement to help deploy new services. For example, users can store their sensitive data—identity information, documents, photos, app data, etc.—in a way that prevents anyone from using their data without their explicit permission.
If you’d like to learn more about Factor, contact us.