With the race to the metaverse heating up by the day, I have been trying to catch up on a topic near and dear to my heart: identity management and protection.
I still have mixed feelings regarding the best way to build and protect our identity in the metaverse, but this passage from a recent essay by O’Reilly captures my current stance quite well:
Identity in the metaverse is more than a costume that you put on. It will consist of all the identities, pseudo-identities, and pseudo-anonymous identities we take on today, but displayed in a way that can fool us. We can’t forget that we are humans experiencing a reality that speaks to the many facets we have inside ourselves.
Age-verification in the metaverse
As a mother, I worry about ensuring my kids have the best possible experience when interacting online. Whether that’s playing Fortnite, joining their friends on Discord or buying books on the Kindle’s app, I need to be positive about who my kids are playing with and talking to. It’s true that so far they have been great at checking with us before engaging with someone they don’t know or using the family wallet to get a new skin or virtual pet, but both parents are very aware of the many risks the multiverse pose. It’s not just that if one of their avatars gets hacked they could accidentally disclose personal information or serve the needs of a cybercriminal disguised as a friend; there’s also the challenge of teenagers outsmarting themselves to pose as adults so they can access restricted content…
Many established identity verification and cybersecurity firms are working towards solving those risks. Veriff, for example, said it’s working with some “top metaverse companies” to verify the identities of metaverse users by enabling automated, age-appropriate virtual experiences. They are also putting their document scanning and verification technology to use within the metaverse, enabling safer onboarding.
Personal boundaries for avatars
As the metaverse is ripe for both opportunities and perils, preventing virtual harassment has turned into a priority for everyone in the Web3.0. After one of their testers was harassed in the virtual world, Meta launched a new security feature for their Horizon metaverse called ‘Personal Boundaries’. As the tech company explains, a Personal Boundary prevents anyone from invading your avatar’s personal space. “If someone tries to enter your Personal Boundary, the system will halt their forward movement as they reach the boundary. You won’t feel it—there is no haptic feedback. This builds upon our existing hand harassment measures that were already in place, where an avatar’s hands would disappear if they encroached upon someone’s personal space.”
The biometric link between physical and metaverse identities
Linking your physical self with your identity (or identities) in the metaverse through biometric authentication is one of the seemingly most developed solutions so far. The likes of Meta, Microsoft and Liquid Avatar are working on biometric solutions based on facial recognition, liveliness detection and behavioural biometrics that can be used to link your ‘offline identity’ with your virtual one.
Charlie Bell, the executive VP of Security, Compliance, Identity, and Management at Microsoft puts it quite clearly: Identity is where intruders strike first. In a blog post from late March, Bell invited everyone to think about how phishing could look like in the metaverse. “It won’t be a fake email from your bank. It could be an avatar of a teller in a virtual bank lobby asking for your information. It could be an impersonation of your CEO inviting you to a meeting in a malicious virtual conference room,” according to Bell’s own recreation.
Microsoft’s take on making metaverse-enabled apps and experiences that don’t upend users’ identity and access control go by “making things like multi-factor authentication (MFA) and passwordless authentication integral to platforms.”
NFTs to prove you are who your avatar says you are
Other avenue offering high potential is that of NFTs or Non-Fungible Tokens. Built on the blockchain technology, NFT-secured virtual selves might be more secure than more traditional means of identity such as passwords, biometrics, and passports that can all be hacked, stolen, or forged.
Talking about this issue for the FT, Eric Anziani, COO of Crypto.com, explained that “What NFT provides is abstracting the asset from the closed-loop environment, making it open-loop, and a lot more fluid and free.” “That is very powerful. And we’re just touching the surface today on the capabilities that can be built on top of that. Today it’s trading assets such as gaming items; one day it will give us free movement in the metaverse.”