The Death of Identity as We Know It
Why the Next Generation of Identity Will Be Built on Proof, Not Access
Identity Has Become a Financial Problem
Identity is no longer just a security issue.
It is now:
- A cost centre (helpdesk, onboarding friction, recovery processes)
- A risk surface (credential compromise, fraud, insider access)
- A revenue constraint (slow onboarding, failed customer conversion, trust barriers)
And yet, most organisations still treat identity as an authentication problem, that model is breaking. According to Verizon, over 80% of breaches involve stolen or compromised credentials.
Meanwhile, IBM consistently shows identity-related failures as a leading driver of breach cost and impact. The conclusion is clear:
Identity is no longer about access, it is about trust, risk, and economic impact.
Identity Was Designed for Access, Not Trust
Traditional identity systems were built around a simple question: “Can this person log in?”
Modern organisations need to answer a different one: “Should this person be trusted in this moment?”
This distinction is not semantic, it is structural, because risk does not emerge at login.
It emerges in moments where:
- A new employee is onboarded
- A contractor requests access
- A user needs account recovery
- A helpdesk agent overrides a control
These are decision points, not authentication events and in most organisations, those decisions are still made using:
- Shared secrets
- Process assumptions
- Human judgement
Watch: What’s Changing in Identity
The Industry Has Improved Authentication, But Not Trust
The move to passwordless authentication is real. Standards from FIDO Alliance and World Wide Web Consortium (W3C) have driven adoption of passkeys and WebAuthn.
These approaches:
- Eliminate passwords
- Provide phishing resistance
- Reduce credential replay risk
This is meaningful progress, but it does not solve the underlying problem. Because authentication answers: “Do you control a credential?”
It does not answer:
· Who are you?
· What are you allowed to do?
· Why should this system trust you?
This is why organisations still rely on:
- Manual verification
- Helpdesk intervention
- Knowledge-based recovery
The weakest points in identity were never at login.
A New Category Is Emerging: Proof-Based Identity
A structural shift is now underway, not incremental, but foundational, this is Proof-Based Identity.
This model replaces assumption with verification. Instead of asking: “Can you present a secret?”
And asks: “Can you present verifiable proof?”
The Two Pillars of Proof-Based Identity
1. Proof of Possession (Authentication)
Passkeys and public-key cryptography ensure:
- No shared secrets
- No replayable credentials
- Strong, device-bound authentication
This aligns with guidance from National Institute of Standards and Technology (NIST SP 800-63B), which emphasises phishing-resistant authentication as a baseline.
2. Proof of Identity and Attributes (Verification)
This is where the model changes.
Using Verified Credentials (VCs):
- Claims are cryptographically signed
- Trust is portable and verifiable
- No dependency on real-time system lookup
Defined by standards from the World Wide Web Consortium, VCs allow organisations to verify:
- Identity
- Role
- Entitlements
- Certifications
Without relying on internal system trust.
Why This Matters Commercially (Not Just Technically)
This is where most identity discussions fall short, Proof-Based Identity is not just a security upgrade.
It directly impacts:
1. Cost Reduction
- Password resets account for 20–50% of helpdesk volume (Gartner, 2023)
- Identity-related support costs scale linearly with workforce size
Eliminating shared secrets removes entire operational layers.
2. Risk Elimination (Not Reduction)
Credential-based attacks are not mitigated, they are eliminated as a class.
This includes:
- Phishing
- Credential stuffing
- Password reuse attacks
3. Faster Time to Productivity
- Onboarding delays directly impact revenue and output
- Contractors and partners often wait days for access
Proof-based onboarding enables:
· Immediate, verified access
· Reduced friction
· Faster revenue realisation
4. Audit and Compliance Efficiency
Regulated industries face increasing pressure to prove:
- Who accessed what
- Why access was granted
- Whether controls were enforced
Proof-based models provide:
- Cryptographic evidence
- Verifiable audit trails
- Reduced compliance overhead
5. Revenue Enablement (Often Overlooked)
Identity is increasingly a conversion layer.
In workforce and customer contexts:
- Friction reduces conversion
- Trust increases completion rates
Proof-based identity enables:
· High-trust, low-friction experiences
· Faster onboarding
· Higher completion rates
The Structural Shift
This is not: Password to Passkey
This is:
· Access to Trust
· Secrets to Proof
· Systems to Verifiable Claims
What This Means for Investment Decisions
For executives, the question is no longer: “Should we modernise identity?”
It is: “Where is identity currently creating cost, risk, or revenue drag?”
And: “How quickly can we replace assumption with proof?”
Identity is becoming one of the most important control planes in the enterprise, not because of technology.
But because of its impact on:
- Risk
- Cost
- Revenue
Proof-Based Identity represents the next evolution. It is not a feature, it is a new foundation for digital trust.
Organisations that adopt it early will not just improve security. They will operate faster, more efficiently, at a significantly lower cost and with greater confidence in every identity-driven decision.
REFERENCES
FIDO Alliance. (2024). Passkeys and passwordless authentication. https://fidoalliance.org
Gartner. (2023). Reducing IT support costs through passwordless strategies.
IBM Security. (2024). Cost of a data breach report. IBM Corporation.
National Institute of Standards and Technology. (2023). Digital identity guidelines (SP 800-63B). https://pages.nist.gov/800-63-3/
Verizon. (2024). Data breach investigations report. Verizon Enterprise.
World Wide Web Consortium. (2025). Web Authentication (WebAuthn) Level 3. https://www.w3.org/TR/webauthn-3/
World Wide Web Consortium. (2023). Verifiable Credentials Data Model 2.0. https://www.w3.org/TR/vc-data-model/