One Human, One Log-in: Why & How
By Eva Schiller
Aug 17, 2022
In the real world, each person has a singular physical form. They can change clothing or put on a disguise, but they will always be the same human being underneath. In the digital world, however, this one-to-one correspondence often does not hold. On popular social media sites such as Instagram, YouTube, and Twitter, one person can have several different identities. A platform does not know if a cluster of accounts on its site belongs to an individual or multiple unlinked users.
One human, one log-in bridges the gap between the real and digital worlds. Ideally, on a platform, each person holds one digital identity linked to several accounts. Externally, not much changes: a digital identity can still be fully anonymous, and any linked accounts can remain publicly separate. Thus, users retain the flexibility to have multiple online personas, while the site in question can better protect the integrity of its user interactions.
Why Use One Human, One Log-in Technology?
What does it mean to protect the integrity of a digital sphere? Many sites suffer from common user-related challenges like malicious bots, spam accounts, and problematic users. Most of these issues have similar roots, and they can all be resolved by restricting the number of unconnected accounts that a single user can hold.
Bot accounts are known to propagate misinformation on the internet. Social bots play a disproportionate role in spreading ‘fake news’ articles, causing them to trend through mass reposting. This allows individual bot-creators to have disproportionately louder voices in the digital sphere, which can influence a wide spectrum of social/political issues. Similarly, spam bots are employed to deceive real users by dropping inappropriate or dangerous links in chat rooms and comment sections. These posts often contain false information meant to convince people to visit the links. When you prevent individual users from creating multiple unlinked accounts, these malicious bots can be effectively stopped in their tracks. Doing so would dramatically diminish the spread of misinformation on your platform.
Furthermore, enforcing a one human, one log-in policy protects fairness online. Users can sway results in many polls, giveaways, and people’s choice awards by entering information from several additional accounts. In qualitative measures of public opinion, like product reviews and comment sections, users often boost their content or disparage other content by leaving negative feedback under false personas. When you prevent the creation of burner accounts, you limit both behaviors, increasing fairness and reliability across your platform.
Finally, when each user has a single digital identity, it becomes simpler to handle problematic users. If a user blocks a cyberbully or troll, the platform can effectively ensure they will not be recontacted via the offending user’s other accounts. Preventing burner accounts also discourages catfishing and other predatory behavior.
How Does It Work?
How can a one-log-in-per-person policy be enforced? Of course, total prevention of duplicate log-ins is nearly impossible. However, some forms of authentication technology are highly effective in preventing the majority of bot and burner accounts.
Often, this is accomplished via phone-centric authentication. This means users must verify their identity using their phone number or mobile device. Therefore, a user must obtain a new, verifiable phone number for each unlinked account. Creating burner numbers is expensive and difficult, thus stopping the formation of spam, bot, and duplicate accounts at their root.
One common implementation of mobile authentication is multi-factor authentication (MFA), which requires users to provide proof of identity in addition to a standard username and password. Options for doing so vary by provider: users may need to visit an app and tap a button, or they may enter a one-time password provided through the app or via SMS. In some cases, they can opt to answer a phone call. This mandatory secondary step makes mobile MFA an effective method because it requires users to have a distinct phone number and device in their possession to gain access. However, MFA has its flaws, too: it is less convenient for users, and collects more user information. Furthermore, not all MFA identity providers will restrict users to one account per phone number.
Another effective option for mobile authentication is humanID. A phone-based single sign-on (SSO), humanID creates an identifier, or ‘hash’, for a user’s mobile device that cannot be reversed to the original phone number. Following setup, all user data is instantly and permanently deleted. The user can then log in with one click, with no username or password required. Simply by the nature of its technology, humanID embraces a one human, one log-in policy. Since the only information used to authenticate users is a one-time collection of their phone number, it can only create one account per number.
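As an added illustration (not humanID's code and not part of the original article), the sketch below shows one way a site could keep one identity per phone number while storing only a non-reversible identifier. It assumes HMAC-SHA256 with a server-side secret and a simplified digits-only normalization; `Registry`, `identifier` and `recover_by_enumeration` are hypothetical names, and the phone numbers are constructed. The last function shows why a keyed hash is assumed: an unkeyed hash of a phone number can be matched by trying every number in a range.

```python
import hashlib
import hmac
import re

# Assumption: a server-side secret kept outside the account database.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def normalize(phone: str) -> str:
    """Reduce a formatted number to '+<digits>' so one number maps to one identifier."""
    digits = re.sub(r"\D", "", phone)
    if not 8 <= len(digits) <= 15:  # E.164 numbers have at most 15 digits
        raise ValueError("not a plausible phone number")
    return "+" + digits


def identifier(phone: str, key: bytes = SERVER_KEY) -> str:
    """Keyed hash: without the key, candidate numbers cannot be tested against it."""
    return hmac.new(key, normalize(phone).encode(), hashlib.sha256).hexdigest()


class Registry:
    """Stores identifiers only; the phone number is discarded after hashing."""

    def __init__(self):
        self._identities = {}  # identifier -> list of linked account names

    def sign_up(self, phone: str, account: str) -> bool:
        """True if the number created a new identity, False if it linked to an existing one."""
        ident = identifier(phone)
        is_new = ident not in self._identities
        self._identities.setdefault(ident, []).append(account)
        return is_new

    def identity_count(self) -> int:
        return len(self._identities)


def recover_by_enumeration(target_hash: str, prefix: str, width: int):
    """Caveat check: match an unkeyed SHA-256 by trying every suffix of `width` digits."""
    for n in range(10 ** width):
        candidate = f"{prefix}{n:0{width}d}"
        if hashlib.sha256(candidate.encode()).hexdigest() == target_hash:
            return candidate
    return None
```

Two differently formatted copies of the same number land on one identity with two linked accounts, which matches the "one digital identity linked to several accounts" model described earlier.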
Ultimately, employing a one human, one log-in policy drastically reduces common challenges faced by online platforms. Companies can better prevent misinformation, manage problematic users, display reliable representations of public opinion, and more. Furthermore, such a policy can easily be put in place without loss of anonymity or user convenience by employing a phone-centric authentication service like humanID. In the real world, every person has one singular physical form: one human, one voice. By joining humanID and striving for the same in the digital sphere, you can protect fair, democratic, human-to-human interactions on your site.