Yearly Archives: 2020

Exploring Facial Biometrics. What is it?

Contributions made by members of the DIACC’s Outreach Expert Committee

In 2017 Apple unveiled a new biometric sensor in its flagship iPhone X, and the media couldn’t stop talking about “Face ID.” Fast-forward three years: Face authentication has been well received by users, and face scans are now employed to unlock Google’s Pixel smartphones, as well as devices from many other top-tier manufacturers. And now, Governments and enterprises worldwide are looking to facial biometrics to address their need for trustworthy remote identity verification during and after the global pandemic. And it makes sense, we interact with other humans by seeing, being seen, speaking, and listening, so naturally, our interactions with technology will also evolve toward our most selected for modalities.

In some countries, remote face verification is already being used to prove user identity for many important applications. From remote citizenship verification to pension payments to accessing government services, the face modality can provide a secure way for users to prove their identity without the need to appear in person at a specific location. This tailored biometric technology enables unsupervised users to prove who they are remotely with the devices they already own. 

This blog post defines the most common types of facial biometrics and explores the role that face verification and authentication will play in the future of digital identity, in addition to setting the stage for more in-depth posts on topics such as how user data and privacy are managed, the impact of COVID-19 on face verification, new advancements that enable unsupervised remote access and account creation, Liveness Detection, as well as the more technical aspects of this evolving biometric technology.

There are three common uses for facial matching technology:

  1. Verification answers the question, is this person legally who they claim to be? For example, where a business has a need to confirm your existence, a KYC (Know Your Customer) file can simplify the process to identify you by matching your selfie against the photo which is loaded on your passport chip or to the source ID photo stored in a government database. A digital photo of a user-provided ID Document can also be matched against, but since it is not verified with the issuer of the legal identity and high-quality fake IDs do exist, it provides a lower level of assurance and results in added controls used by companies to compensate for this.
  2. Authentication leverages the ability to match one’s previously enrolled biometric data to log into a device, a website, or application. Face Authentication offers the balance of security and user convenience long sought by consumers.
  3. Recognition seeks to match face data from an unknown individual and make their identity known by finding a match in a database of known faces. This has been known to be used in some countries by law enforcement and border patrol where the person may have limited or no awareness that the face scanning is taking place and have not provided their consent.

Regarding the three uses outlined above, the verification process is of high priority to the public and private sectors alike. Verification through facial biometrics is an approved method of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), enabling Canadians to open a bank account without physically visiting a branch. Additionally, in July 2020, the British Columbia Government launched their Send Video feature within the mobile BC Services Card to meet the increased demand for alternative ways to verify a person’s identity in order to activate a mobile BC Services Card and, in turn, making it easier for provincial residents to access online government services during the COVID-19 pandemic and in the future. In these instances, the individual is aware and has consented for their identity to be verified for a product (i.e., account opening) or service (e.g., applying for a driver’s license, services card, or passport).

Verification also addresses the justified concerns regarding privacy. A GAO’s report, The International Biometrics + Identity Association’s (IBIA)Principles for Biometric Data Security and Privacy, states that technological constraints around some facial biometric technologies drive a need for all commercial and civil government applications, organizations to protect biometric data retained by using biometric one-way template transformation. New practices will likely require a liveness detection layer as well, especially when the biometric data is captured in an unsupervised environment. In addition, the IBIA’s Best Practices state that it is good practice to maintain a separation between biometric and associated non-biometric personal information.

The impact of large data breaches is both a significant privacy intrusion and direct financial impact to society in covering the losses due to crime and controls to prevent it. Facial Biometrics can dramatically reduce the criminal demand for data when used for both verification and authentication as a replacement of Knowledge Based Authentication (KBA) by limiting the ability of this information to be used for account takeovers and identity theft. It also has a beneficial side effects by reducing the need for customers to provide unrelated personal information. Knowledge questions such as requesting your mother’s maiden name to open a bank account is a direct contrast against the privacy principle of only collecting the information needed for the relevant purpose. With no reasonable expectation that Data Breach frequency will decrease in the future until wide-scale Knowledge Based Authentication has been replaced, biometrics have begun to bridge the confidence gap, while reducing the added friction.

Policymakers, privacy advocates, and regulators understand that new technologies are being added to existing facial biometric matching to render leaked personal data useless and ensure that any leaked biometric data is both isolated and encrypted to reduce the impacts on individuals from an identity fraud perspective. Liveness detection technology, for example, prevents malicious users from reusing biometric data by requiring a 1st generation capture of new data every time for verification of an individual. It is also common practice not to store face images in databases unencrypted; instead, photos are converted into data in a string of numeric values commonly referred to as a biometric template. 

Face matching and Liveness Detection are powerful technologies that, when combined, enable privacy-preserving biometric use cases like replacing easily guessed or compromised passwords and health-preserving social-distancing use cases like remotely opening a bank account. Many are starting to agree that these security and usability benefits are a tremendous improvement over the previous generation of authentication methods.  

In short, for the purposes of allowing a user to positively identify themselves from their own device, only face verification and face authentication are employed. Face verification creates trust, while face authentication maintains it. Both functions are covered in the Pan-Canadian Trust Framework™ that is intended to support a robust digital identity, trust ecosystem that will allow all Canadians to do more online, in a safer, more secure, and confident way. 

Making Sense of Digital Wallets

Guidelines for Design

Recent advances in the state of the art of digital identity systems are putting the user back in control of their information and their privacy. An important building block of this advancement is the digital wallet for users. This document proposes what a trusted digital wallet should aim to do. Without it, software developers are left to guess, the marketplace offering will be fragmented, and ultimately will result in delaying the adoption of user-centric digital identity solution.

Download the paper.

Making-Sense-of-Digital-Wallets_VF

Help Define and Design the Future of Canada’s Levels of Assurance with DIACC

Online transactions, interactions, and service delivery are no longer aspirational end-states. In the wake of COVID-19, digital has become the default for many Canadians and industries. Making that default work long-term means earning and maintaining trust for people and platforms. Levels of assurance (LOAs) create a clear roadmap for developing that confidence, both for teams offering and people accessing services. Learn more about LOAs in our recent post to understand why they matter to Canadians, where we’re at and where we go from here.

“Making sure we have a common way to evaluate and measure the integrity of that data is central to a common bar of acceptance,” DIACC President Joni Brennan explained. To get a better understanding of how LOAs are a core factor in the future and success of digital platforms, we spoke with Joni and George Watt, Partner, Strategy and Lean Innovation Practice at Becker-Carroll. George has extensive experience leading and developing innovation and security with global enterprises.

Why are Levels of Assurance so important right now? 

George Watt: The pandemic accelerated the pace of digital transformation to breakneck speed. Governments have responded with impressive resolve to deliver new digital services safely. The private sector faced similar challenges with lockdowns and restrictions, new customer needs and opportunities to better serve their customers. For some, these transformations are imperative just to remain viable.

These organizations, both public and private, need to be able to safely transact digitally with their customers, and to interact with one- another. They need to be certain the entities they’re dealing with are who they claim to be with a level of confidence commensurate with risk inherent in each transaction. 

Levels of Assurance are about specific agreements between participants in an ecosystem that enable them to understand the level of confidence they can place in those transactions.

When it’s done well it becomes an unambiguous contract that makes it safe for people to transact digitally. 

Joni Brennan: The LOA conversation is important because it is a piece of the conversation that focuses on the verification of information that would be part of a transaction is authentic. The technical conversation is an important part of the puzzle… but making sure we have good data that can be relied upon and have assurance around that data is ultimately critical. 

For example, if I were a bank, I want to know data is good no matter where it came from. 

LOAs are an important piece of the puzzle for making transactions possible. 

What’s a use case where Canadians interact with LOAs? 

George Watt: When citizens interact with these LOA schemes they aren’t aware it’s happening – but they are aware of its impact. Signing into social media is a low risk example that many people do every day – but those service providers don’t truly know who their customers are. Any of the other services Canadians access with those social media digital credentials would also be considered low level of assurance because nothing is done to ensure the account holder is who they claim to be. 

Online banking is a high risk example. Compromise of that information could be devastating and could lead to bankruptcy or worse. That’s why the Canadian banking industry has a very high LOA standard that helps ensure customers are who they say they are, and helps customers protect themselves. 

The consumer doesn’t see these LOAs in explicit ways but sees their impact implicitly. For example, you don’t need to visit Facebook HQ to get an account – it has a low level of assurance – but you do need to visit your financial institution or go through a more rigorous process to prove who you are to get a bank account. They require a higher level of confidence that they know who you are. 

Joni Brennan: The ability to access city plans and interface on a decision like [changing traffic flow to create active streets] would be a lower risk interaction. Learning that there will be some barriers set up for bicycles would be low risk for other citizens or the municipal government. 
Accessing your pension or tax refund would be an example with higher risk. Something that we haven’t solved yet (but relates to digital ID) is access to digital medical records. Ideally, it will be in a way that the patient can access their own records and make those records transferable or portable between doctors, between patients and across different devices. Access to health records in a ubiquitous way is high risk. It’s something we don’t have today that identity and LOA would help with.

What’s the biggest advantage of a strong LOA scheme? 

Joni Brennan: Part of the ‘why’ behind why we’re talking about this is because we have different LOA schemes in Canada today. Those different schemes have created room for challenges and adoption delays, across different regions and different stakeholders. Different parties might be using the same assurance number – but the way they’re calculating it isn’t consistent, leading to variable outcomes. 

A level of consistency and transparency in terms of assurance – that relates to individual capability in a transaction – makes acceptance and confidence in an interaction clearer and helps the economy as a whole. It’s important for banks, governments, telecommunications providers, and users. Strength in a common acceptance and transparency would help and that’s what we’re missing right now in Canada. 

George Watt: It’s important that we develop a common understanding of these risks and establish a shared vocabulary that ensures we all evaluate risks the same way. Strong LOA schemes will enable positive economic and social impact through more robust delivery of services across domains. 
If we don’t understand those risks collectively, we either won’t deliver the services necessary to live up to our potential — or we will deliver them without understanding the risks, which could be even worse and potentially set us back. Trust is speed. A strong scheme means faster delivery of more robust and trustworthy services. Participation in these digital ecosystems will drive better seamless services for all Canadians.

Why is DIACC advocating for stronger and consistent LOAs?

Joni Brennan: We need commonality in terms of how information is verified. For that measure of assurance of information, we need a common scheme that works across the different schemes that exist in Canada today. It will create visibility and a common approach so that no matter the industry, teams can work from the same starting point for validation and verification of information. That is so important, whether it’s health or AI or smart cities. 

The current scheme and current state of the art doesn’t provide the level of dynamism required in a hyperconnected ecosystem. The current ‘1 through 4’ scheme applied on top of a complicated transaction involving many partners with different capabilities – that singular number is actually insufficient. It’s much better to have transparency, visibility, and a ‘score card’, if you will, that measures assurance that is verified. That’s the kind of dynamism and transparency we need in a hyperconnected ecosystem, that provides scalability in an LOA scheme. 
George Watt: What we had was good – but it needs to evolve to keep up with what we’re dealing with now. We need to solve tomorrow’s challenges today, not yesterday’s problems. A more modern approach to LOAs is necessary to make that happen.

What will be the biggest factor for success? 

George Watt: Bringing the public and private sector together and bridging the many international standards groups… I think the defining factor for success will be collaboration. There are lots of smart people who’ve been thinking about this. More importantly this assurance scheme will work best when private and public sector, NGO and standards orgs work together to create a more trustworthy, more robust ecosystem that allows Canada to live up to its potential. Collaboration will be key. 

Joni Brennan: Collaboration will also represent a diversity of stakeholder needs and values – which is important to ensure the way forward is as inclusive as it can be. Success requires communication and education around the why – why we’re doing this work, the value, as well as how this work will be adopted. 

As George said, for people participating in a transaction these LOAs are meant to be invisible. They’re not always the most exciting or technical part of the work – but they provide that layer of integrity underneath the technology and user experience. To succeed, we’ll need education and communication.

George Watt: Diversity is the rocket fuel of innovation. Working with DIACC, I’ve always been impressed by the diversity of membership and those who participate. It’s a diverse group of smart people who are willing to come together to work on important and complex problems.

Bring your voice to the DIACC and share your perspective on how we can solve these pressing, complex challenges. Together, through our Five Year Strategy, we’re aiming to identify key policy and regulatory enablers and barriers to digital identity growth, including creating a unified approach to LOAs. Join us and subscribe for more on LOAs in Canada.

Spotlight on FaceTec

1.What is the mission and vision of FaceTec?

FaceTec’s mission is to end identity theft and protect privacy by ensuring access to important accounts and information is only available to their legal owners. FaceTec’s state-of-the-art biometric cybersecurity AI has been specifically designed to enable widespread, secure, unsupervised identity verification and user authentication from any modern smart device or PC with a webcam. 

2. Why is trustworthy digital identity critical for existing and emerging markets?

Strong, reliable, digital identity verification empowers individuals by allowing full access and control over current accounts, and protects them when they open new accounts. Trusted digital identity is also critical for enterprise, allowing them to ensure the customers they interact with are legally who they purport to be. By fostering trust on both sides of any remote interaction, FaceTec lowers friction while increasing value. Beyond quantifiable economic benefits, effective user authentication offers noneconomic value to individuals through social and political inclusion, rights protection, and enhanced transparency. The certainty trustworthy digital identity provides is a benefit to individuals, organizations, and society as a whole, and drives higher overall social and economic utility.

3. How will digital identity transform the Canadian and global economy? How does FaceTec address challenges associated with this transformation?

The adoption of a trustworthy remote digital identity verification program will pay quick and lasting dividends in Canada’s social, economic, and political activities. Natural communications barriers – within and outside of Canada – including vast distances, changing weather, and topographical challenges, will be minimized, fostering simplified, trusted interactions regardless of the environmental circumstances.

FaceTec’s technologies were created from inception to promote inclusion and provide the same advantages to anyone with digital access, regardless of their physical, economic, or social status.

4. What role does Canada have to play as a leader in this space?

Canada’s international reputation for thoughtful, rational decision-making will lend significant credibility to the adoption of strong digital identification programs. With a very diverse and large population, Canada will prove to be a beacon for other large-scale digital ID projects that society as a whole will benefit from.

5. Why did FaceTec join the DIACC?

The DIACC’s goals and approaches to solving a major social and economic problem are aligned with FaceTec’s. Leveraging the DIACC’s comprehensive relationship network and FaceTec’s first-hand technology and market experience, will ensure the development of a much more effective and inclusive solution.

6. What else should we know about FaceTec?

A pioneer and global leader in biometric cybersecurity dedicated to privacy, security, and transparency, FaceTec has provided the most accurate remote authentication technology to hundreds-of-millions of users on six continents. FaceTec patented 3D FaceScan UI, battle-tested 3D Liveness Detection, and 3D Face Matching AI anchors identity and enables true passwordless authentication from all modern smart devices and webcam-enabled systems. FaceTec’s small-footprint (3.9mb) device SDKs and neural-network-powered server SDK comprise a complete, feature-rich authentication platform that allows customers’ user data to stay encrypted behind their own firewalls. Easy to integrate into any app or web page, hundreds of organizations now provide exceptionally secure new account onboarding and ongoing access to high-value accounts in financial and government institutions, telecoms, ecommerce, blockchain, social networks, and more.

Spotlight on Acuant

1.What is the mission and vision of Acuant?

Acuant’s mission is to power trust. We do this by enabling trusted transactions that are privacy minded, putting consumers in control of their data and minimizing risk. We are mindful that a mission must be founded upon a set of core values and business principles. For Acuant this means that we take a customer centric approach that defines our purpose, guides our products and harnesses the innovation and enthusiasm of our people. Our vision is that identity is the new currency and it should belong to the individual who may choose when and how to share their personally identifying information or PII. This must be balanced with the fact that the need for strong, customer-friendly identity proofing solutions has never been greater. As PII is continuously jeopardized, Acuant serves to find a way to create trusted transactions that puts individuals at ease and in control, while simultaneously allowing businesses to address their appropriate level of risk. We see ourselves as a global player on the good side of managing identity to aid in reducing human trafficking, combatting commercial fraud and safeguarding our borders

2. Why is trustworthy digital identity critical for existing and emerging markets?

Acuant believes that digital identity will unlock both the Canadian and global markets by providing two critical ingredients:  1) an individual’s personal control over their own identity and how it is used; 2) the ability for a commercial or government to trust the transaction even when the person is not present.

3. How will digital identity transform the Canadian and global economy? How does Acuant address challenges associated with this transformation?

Acuant has been and remains committed to the proper and protected use of identity in powering transactions from boarding crossings to payments. Our Trusted Identity Platform provides identity verification, regulatory compliance and digital identity solutions leveraging AI and human assisted machine learning to deliver tools and technologies necessary for this transformation.  These omnichannel solutions provide seamless customer experiences when it comes to verifying identity, fighting fraud and establishing trust across the physical and digital world. The result is accurate risk decisioning, allowing businesses to move faster and deliver the best user experience across all channels.

4. What role does Canada have to play as a leader in this space?

We believe that Canada provides a wonderful canvas for the design and implementation of a digital identity ecosystem.  It has a robust economy, a diverse population who embrace choice, control and convenience, principles in privacy and democratic regulation and a long history of working hard to collaborate with international standards and enabling interoperability.

5. Why did Acuant join the DIACC?

Acuant joined DIACC because we believe in and want to participate in the creation of a Pan-Canadian trust framework that we envision being woven together with like frameworks from around the world.  Acuant has a long history of working with government  and commercial entities in fighting the good fight against fraud, terrorism, human trafficking, anti-money laundering with the utmost respect for privacy and  an individual’s control over their identity (which, as we state,  we view as the new currency).  We have also had a long tradition of working in Canada.

6. What else should we know about Acuant?

At Acuant we build great products and we stand behind those products. We have been in the industry for over 20 years, processing more than 4 million transactions each month in over 200 countries and territories and have created more than 400 million trusted digital identities with our patented eDNA™ technology. Our Trusted Identity Platform offers automated identity verification, regulatory compliance (AML/KYC) and digital identity solutions for the most secure environments (government services, border crossings, healthcare, banking) to consumer lifestyle apps and everything in between. We offer omnichannel deployment that allows seamless customer experiences for all to fight fraud and establish trust from any location in seconds.

Spotlight on ARUCC

1.What is the mission and vision of ARUCC?

The Association of Registrars of the Universities and Colleges of Canada (ARUCC) provides leadership in the post-secondary education field and service to its member institutions nationally and internationally, helping foster the advancement of registrarial practices in Canada. ARUCC strives to meet the needs of its members by adopting proactive measures reflecting changes in our professional environment.

Member institutions consist of universities, colleges and polytechnics that are recognized through either Universities Canada or the Colleges and Institutes Canada.

2. Why is trustworthy digital identity critical for existing and emerging markets?

The need for online solutions increased with the COVID-19 pandemic. These solutions will become the norm as Canada and the global economy adapt to consumer expectations. As members of the post-secondary education field in Canada, we are not unfamiliar with the need for trustworthy digital identity given the increased demand for sending/receiving electronic documents.

3. How will digital identity transform the Canadian and global economy? How does ARUCC address challenges associated with this transformation?

Digital identity is most often managed as a gate to individual businesses through methods such as confidential passwords, PINs, and security questions. With each business having its own requirements (i.e., variations of password length and structure) it becomes nearly impossible for people to remember them all. Businesses and post-secondary institutions are forming allegiances to minimize the impact on the individual while maintaining trustworthy digital identity. An example of this is with CRA and banking passwords.

ARUCC also recognizes the need for trustworthy digital identity and is leading the implementation of a National Network with the core objective of improving permission-based, trusted access and portability of learner documents (i.e., transcripts, confirmation letters) across Canada and with trusted international partners for students, graduates, participating post-secondary institutions, provincial application centres and member 3rd party organizations.

4. What role does Canada have to play as a leader in this space?

Canada is in the global arena and is recognized as being trustworthy and reliable. From the post-secondary perspective, Canada has over 2.5 million students including more than 642 thousand international students[1] (based on 2019 statistics). As a destination for higher education it is imperative that trusted networks be established for identity management. The formation of the ARUCC National Network allows us to establish a ‘made for Canada’ solution that can also be tied to other trusted networks (i.e., My eQuals, CHESICC).

In 2018 Canada ratified the Lisbon Recognition Convention which demonstrates our commitment to the recognition of academic credentials, which need to be portable, as learners and alumni move to work and live around the globe. This inspires the work of ARUCC to enhance trusted document exchange and provide learner credential wallets.

5. Why did ARUCC join the DIACC?

ARUCC believes in working together to achieve common goals. We feel the purpose of ARUCC and the creation of the National Network to support learner mobility aligns well with DIACC’s principals.

6. What else should we know about ARUCC?

ARUCC was formed in 1964 and became incorporated in 2018. It includes over 150 member institutions representing over 2.5 million current learners and millions of alumni from within Canada and around the globe.

The Next Evolution of Levels of Assurance in Canada

Levels of Assurance (LOA) play a foundational role in the world of standards, digital identity, and digital transactions. Put simply, LOA is the degree of confidence in the validity of a claim, process, or authentication. In the sphere of digital identity, it is a necessary model to verify that the person or entity claiming an identity is the entity to which that identity was assigned. 

Most Canadians don’t think too deeply about LOAs, and yet most Canadians interact with these models, unknowingly, at some point in their lives. For example, Canadian experience LOAs when opening a bank account, demonstrating qualifications for a government service or benefit, making an insurance claim, or wiring money to a client or family member. 

Organizations that use LOAs to inform their policies and processes often have dedicated strategies and teams, working out contingencies and approaches to maximize security in Canada and internationally. These teams often face challenges interacting with other service providers, meeting different standards across jurisdictions, and minimizing friction for clients accessing their services.

How the Current LOA Model Works

Imagine two people, Samir and Aiya, are trying to apply for a small business loan. Both women have very strong credentials, a passport, driver’s license and the requisite business records. Samir and her credentials are linked through a knowledge-based authentication (KBA), and are accepted after answering a security question she previously populated about her father’s middle name. Aiko and her credential are linked with an in-person ceremony, as she went to her local bank branch with two pieces of identification and her business records to complete the loan application. Aiya’s scenario offers a stronger LOA and Samir’s a weaker LOA. Despite these differences, Canada’s federal LOAs currently dictate that Samir and Aiya both have the same assurance. 

In Canada and many places around the world, it is common for LOA structures to combine a number of factors into a single score. The result is an obscured view of the risk factors and authentication. This lack of granularity into the LOAs of specific capabilities is a challenge present in the construct of LOA models around the world. The deciding factor regarding acceptance of an identity comes down to Relying Parties (parties who rely on the validity of identities) who determine their own risk profiles. 

In this case, the relying party is the bank. The banker helping Samir and Aiya also benefits from a stronger LOA as they sign off on the business loan. In addition to building a stronger relationship with the client, they are able to manage their portfolio with confidence.

There is widespread agreement the current LOA model in Canada is inadequate. While LOAs serve a purpose, they are not transparent and dynamic enough to address the myriad digital solutions and scenarios of today. Internationally, single LOA schemes are no longer state of the art and today’s requirements necessitate separate evaluation for specific capabilities. In the DIACC community, there is consensus that there must be separate schemes for credentials and identity, at a minimum, in order to be useful in the widest possible range of scenarios and contexts. An improved assurance model should be capable of asserting identity and credentials at different levels.

Envisioning a New Risk-based Model for Assurance

A risk-based model offers a more enduring, user- and industry-friendly path forward that enables existing LOA schemes to participate while building for a more dynamic and scalable digital ecosystem. The notion of leveraging a risk-based model is highly applicable as the application of LOAs  today are best determined by performing a threat or risk analysis. The risk-based model must address the likelihood and impact of something happening, and the appropriate mitigation approach. 

LOA is essential in determining liability and risk; offering a clear understanding how a Subject (customer or citizen) and a Relying Party (company or government service) can validate that they are who they say they are. It is a central component in being able to determine whether a transaction should proceed. 

The risk-based starts by assessing risk first and then the approach drives more value for organizations, as they confront the baseline of their current systems and assess risk realistically. It also helps adopters improve their systems through motivation to  reduce or remove risks through various types of mitigation.

DIACC is on a mission to rapidly deliver a modern, risk-based LOA model that is…

  • Risk-based
  • Directive and illustrative
  • Non-prescriptive in execution
  • Evergreen
  • Deterministic in implementation and assessment
  • Congruent with existing state of the art and best practices
  • Inclusive in support of both the private and public sector
  • Supportive of evolving needs on credentials and bindings

The impact of this evolution is far-reaching, and will ensure that the  Pan-Canadian Trust FrameworkTM is strong and resilient over time. This evolution takes a framework-wide approach to address interdependencies, independencies, and support communication across platforms. This new approach ensures scalability over time as technologies and their uses evolve.


DIACC has engaged a small, representative team to rapidly deliver a new model to support the PCTF, which launched September 15, 2020. The model will benefit from the DIACC’s well-documented peer and public review process. Members can contact info@diacc.ca to contribute. Non-members can get in touch to learn more.

Spotlight on Stash

1.What is the mission and vision of Stash?

Our mission is to provide people with the tools and education to help them protect their online accounts. Our vision is a digital world in which people do not reuse any of their passwords across multiple accounts. Ever. Stash is bringing this vision to reality by delivering an offline password manager that makes it easy for people to create and securely manage strong, unique passwords for every single account they have. Ultimately, removing the difficulty and frustrations of having to do it on their own.

2. Why is trustworthy digital identity critical for existing and emerging markets?

In the digital age, it is too easy for people to remain anonymous online or claim to be someone they aren’t. In the physical world, we have ways of proving who we are through different identification methods which makes it difficult for someone to fake their identity. As we increasingly go digital, we need a form of digital identity to help people stay secure and limit their risks of being the subject of fraudulent activity.

3. How will digital identity transform the Canadian and global economy? How does Stash address challenges associated with this transformation?

Simply put, digital identity will make it safer and easier for Canadians to operate online. This will lead to people conducting more business online, nationally and internationally, in ways in which they were not comfortable before.

While it is clear that digital services aid in the efficiencies of businesses and organizations, trusted digital identity has been relegated to a side note by many leaders across numerous sectors in Canada. As digital solutions continue to evolve, access to such services still requires end users to create usernames and passwords – leaving them with hundreds of login credentials to manage.

In the digital world, it has become critical to have strong password management practices. With the ever-increasing amount of online services that require passwords, many are left feeling overwhelmed and frustrated leading them to sacrifice security for convenience. Using a password manager allows people to improve their password security while providing the convenience and peace of mind needed to go about their lives.

Stash Password Manager was created to remove the frustrations of trying to manage unique, complex passwords for all of our digital accounts while ensuring each of your usernames and passwords are securely stored offline and making logging into accounts easy.

4. What role does Canada have to play as a leader in this space?

Canada is seen by many global observers as a trustworthy, safe and stable country. Once Canada moves beyond its strategic framework and implements various capacities of digital identification, our reputation will allow us to help influence the rest of the world in adopting a standardized digital identity protocol.

5. Why did Stash join the DIACC?

We believe our patent pending Island Technology™ and our approach to online security can assist in DIACC’s mission to achieve excellence in digital identity.

6. What else should we know about Stash?

The simplest way for people to protect their own digital accounts is by having a strong, unique password for every single account they have.

Stash was created because we realized people needed a way, that was both secure and convenient, to easily manage all of the different usernames and passwords they are forced to use in the digital age. We believe the only way to securely manage all of our login credentials (usernames + passwords) and truly keep them safe is to physically store them offline in a way that keeps them disconnected from the internet. This means they should not be managed on any device that is connected to the internet, as those devices can be hacked.

At the heart of Stash is Island Technology™. Island Technology™ creates an air-gapped “island” which allows a user to isolate their data and store it in a secure manner that keeps it disconnected from the internet. Essentially it acts as a dynamic, one way communication bridge that safely transfers data from a disconnected vault to the online world. Although we utilize this technology in transferring login credentials, other companies are now beginning to recognize Island Technology™ for its unique utility in additional use cases.

« Older Entries