Blake Hall
Sep 3, 2018 · 1 min read

Hi Keith, thanks for signing up for ID.me and for sharing your thoughts. In fact, authentication is a concept included in this essay as you cannot go up the Trust axis without baking in risk-adaptive authentication to ensure that the right person is providing the authorization for things that are much higher risk than a military discount e.g. a patient moving medical records from one provider to another or a doctor prescribing a controlled substance online. We support NIST compliant authentication both scenarios. Our federal certification as an authentication provider to verify legal identity to a certain level of assurance is available https://www.idmanagement.gov/trust-services/#consumer-identity-credentials. You’ll notice that Google is also on that list at Level of Assurance 1. So, we can accept Google as a knowledge based authenticator at low levels of risk because we know they comply with the NIST guidance on issuing passwords. At higher levels of assurance, we enforce strong identity proofing and multifactor authentication i.e. two of three of something you know, something you have, or something you are is mandatory so you would have to link a verified device to your profile to authenticate on our network to conduct high risk authorizations. If you visit www.Vets.gov and click sign-up or sign-in and try to complete a high risk action like viewing your claims status or benefits information, then you’ll go through the advanced authentication process before the app accepts your authorization to present you with that data. Hope this context helps.

    Blake Hall

    Written by

    Founder & CEO of ID.me. Leading a talented team focused on increasing trust in digital transactions. Iraq Combat Veteran.