Member identity systems haven’t changed much in 10+ years.
A member completes a registration form, like the one below, and they get a cookie to store to access the site in future.
There has been some innovation in simplifying the form and requesting the minimum level of information. Jive, for example, ask only for an e-mail address to get started.
Other platforms, like Discourse, allow you to login via existing platforms using OpenID Connect, OAuth and other protocols.
Some platforms, like the HuffingtonPost, are forcing members to sign in via their social accounts. This captures valuable data and (they claim) tackles negative behaviour.
Given the choice, however, the majority of members prefer to enter information using pre-existing sign-up forms. It’s a habit, they understand how it works, and it allows them to maintain their private identities.
This is the extent of innovation in member identity systems at present. I predict that six trends are going to change this;
1) Decline of e-mail
2) Privacy fears
3) Convenience of new technology
4) Security fears
5) Control concerns
6) Changing expectations of identity systems
We can tackle each individually:
1) E-mail: Declining use and rise of mobile
E-mails are the dollar currency of identity systems. They are the standard unique identifier that validate who we are. However, this identifier only works if everyone else expects everyone will keep using it.
If this changes, we’ll need a new unique identifier. This will be our phone number or a decentralized identity system that doesn’t exist yet.
Younger generations use e-mail less, if this spreads to older groups the change will be very sudden.
You probably don’t use e-mail to interact with your friends and family. Many teenagers have stopping using e-mail for anything other than verifying new social accounts. E-mail is increasingly the domain of employees. If anyone identifies a new communication/to-do list system, e-mail use could plummet.
I predict cell/mobile numbers will replace e-mail. It’s already part of the two-factor authentication system.
2) Privacy: Fear of abuse and quest to maintain separate identities
Until recently we didn’t give much thought to online privacy and security. That’s changed now.
Hacks may not be more common, but they’re being reported more frequently. Attacks may become too sophisticated for independent systems to provide adequate protection.
Members may seek more privacy from trusted identity providers or seek systems over which no-one has control (see later).
Increasing pressures on identity providers to make money will also lead to mistakes where advertisers overstep the mark.
Finally, most of us will increasingly want to maintain completely separate identities which don’t overlap.
We have 3 big privacy fears:
1) Will data be used in ways I dislike? (e.g. will I start receiving e-mails from wedding companies if I announce I’m engaged on Facebook? Will I suddenly find Flickr selling my photos for profit?).
2) Will I lose my anonymity/pseudonymity? (e.g. will community members I provoke track down my real-world identity on Facebook or other identity providers?)
2) Will data from one site embarrass me on another? (e.g. will logging in with Facebook to a Harry Potter Fan Fiction community suddenly alert my friends to my secret hobby? Will my work colleagues see my embarrassing social photos on Facebook?)
In most sectors, keeping separate identities is the crucial barrier preventing us from having a single online identity. We like to create unique, separate, identities. This is most true in topics considered unusual to mainstream, and sectors in health, wealth, and work.
I predict every identity system will require very specific privacy controls and most of us will use at least one pseudonymous identity provider in addition to our Facebook identity.
3) Convenience: Password fatigue and mental effort
The rise of OpenID, OAuth, Single Sign On and others is a sign of username/password fatigue. We may soon reach a point where remembering more names/passwords becomes impossible.
Convenience is simply whether a new system is mentally, physically, and more time-beneficial to use.
This has three components
1) Does this involve less mental effort? Does this system let me think less by taking on the burden myself. It’s hard to think of an available username, password, add a profile picture. Easier to pull it in from elsewhere etc…)
2) Does this save me time? The difference between 10 seconds and 3 minutes is huge here).
3) Is it less effort? It’s far better to click a few buttons and access the community than entering basic information, waiting for confirmation e-mails, filling out profiles etc…
A component of mental effort is whether I understand what’s happening. If I don’t, it invovles more mental effort which leads to less acceptance.
OpenID struggled to cross the chasm from techophiles to the masses because it’s complicated for the masses to use. OAuth 2.0 is simpler to use, requires no password, but gives the keys to the community.
I predict a standard protocol will emerge, similar to OAuth (if not OAuth) which connects in a limited fashion to existing identity providers and used by all communities.
4) Security: Better hackers and greater media coverage
Hacks might not be more common, but media coverage of hacks is greater than ever. A new hack is covered in depth every two weeks.
Our concern here is simple, will someone hack my password and do something malicious with my account?
For many of us, a hack could result in financial details being exposed or, worse, it might delete invaluable things like family photos, Instagram accounts, facebook accounts, archived e-mails with loved ones, etc…
Most people (including myself) don’t understand the complexities in compromising a user’s account. Instead they rely on media information and second-hand accounts.
I suspect we’ll either delegate security to third-party providers or have increasingly complex security systems (two-factor authentication at least) in the future.
5) Control: Fear of Facebook and quest for control
Many of us are increasingly worried about who has the ultimate control of our digital identities.
The network effect that comes with this control opens the door to many revenue -vs- privacy challenges. The provider has to make money but also protect the rights of users.
Some, like Fred Wilson, are supporting platforms like OneName which aims to create a decentralized identity system (similar to Bitcoin) which no-one controls and allows us to grant different sites/apps different levels of information.
These systems haven’t yet gained enough traction, but I predict at least one major decentralized system will emerge to cater to our privacy/security concerns.
6) Expectations
As time progresses, we will expect communties to offer the above attributes in their identity systems.
If a community doesn’t at least keep-pace with current technology, we might feel nervous about using it. This might be 3 years away, it might be 12 months away.
If your competitors are using something clearly more convenient, it might be hard not to switch. Or you might just want to stay one step ahead of rival communities by moving first.
I suspect OAuth and similar systems will first be optional and then required (along with an option to login using a decentralized identity system).
The expectations of what systems members will expect depends on the time it take for the system to cross the chasm and become the norm. For a rough idea, see how long it took for Facebook/Twitter to become mainstream among your audience.
What Do Members Care About?
All of the above are interrelated. Privacy is tempered by convenience which is tempered by security, which is tempered by control etc…
These questions will determine what type of system you will need to switch to when it does become time to change.
Younger audiences may care more about convenience. Enterprise consumers might care more about security. Health sectors might care more about privacy etc…But these are broad generalisations and you need specific recommenations.
It’s time to research what members really care about.
Ask them to rank each by importance, then the degree they’re concerned about each (1 to 5) and then highlight specific elements within each category.
Ask them about their e-mail use. How much time do they spend using it? Is this changing? Do they use it for anything non-work related?
Every community will have a small group of members who care a lot about a specific aspect of their identity (control, security, privacy etc…), the rest will fall somewhere within the continuum. Find out where they are on that continuum.
What new identity systems will look like
I predict will see new identity systems. At least one, probably Facebook, replacing current member registration forms and one, probably a decentralized, pseudonymous system, for communities we don’t wish to connect with our social activities.
Cell numbers will be the unique identifier and validator of our identities on these systems. These will primarily use OAuth, OpenID connect, or new protocals that reduce the reliance on remembering passwords.
How quickly this changes is up for debate. But it’s worth considering now.
You have On Feb 24 – 25, we’re inviting 250 of you to hear the world’s top online community professionals speak at SPRINT Europe in London. If you want to learn more, click here.
You have 43 days remaining to buy your tickets.
