Definition

BYOI (bring your own identity)

By

Robert Sheldon
Sharon Shea, Executive Editor

What is BYOI (bring your own identity)?

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party.

BYOI is increasingly being used for website authentication. Instead of requiring visitors to create new usernames and passwords during the registration process, the website enables them to log in with their credentials from services such as Facebook, Apple, Microsoft, Google or Amazon. Figure 1 shows the TikTok login screen, which lets users log in with a variety of accounts.

TikTok BYOI login page — Figure 1. An example of BYOI is the TikTok login screen. It enables users to log in using a variety of third-party accounts.

After a user creates an account with a service provider such as Google or Apple, the user can then log in to any other service that accepts the provider's login credentials. In effect, the service provider acts as an identity provider (IdP) that enables third-party service providers to accept the IdP's credentials on behalf of their users. To accept the credentials, the service providers must update their web applications to interface with the IdP and accept the logins.

An IdP does not have to be a social media platform or a vendor like Apple or Microsoft. It might be a government, bank, mobile network operator or standalone service that specializes in identity management. For example, a number of European governments have set up their own identity services. The U.S. government has not, but it has established Login.gov, which provides a secure sign-in service for participating government agencies.

The login process itself is fairly straightforward, although it might vary from one IdP to the next. For example, if a user tries to log in to TikTok and clicks the Continue with Apple option, a small window opens that links directly to Apple.com. Here, the user is walked through the process of entering an Apple ID, password and any other information required to verify the account or prepare for connecting to TikTok. After the user has completed this process, Apple sends an access token to TikTok that confirms the user's identity. The user can then access the TikTok service.

What are the advantages and disadvantages of BYOI?

Many service providers now offer BYOI sign-in capabilities, and the numbers continue to grow. This trend is driven in large part by the advantages that BYOI offers to both the providers and their users, including the following:

BYOI makes the process easier for users. They don't have to track their credentials for each online service they use, reducing password fatigue and reuse. BYOI also simplifies password management for users and makes it easier for them to log in to a site from different devices.
A site's registration process becomes much easier for users. As a result, they're less likely to abandon the registration process because it seems too cumbersome. Users might also be inclined to trust a lesser-known service because the login process invokes well-known entities, such as Apple or Microsoft.
Users share their personal information with fewer providers. This helps to protect their privacy and reduce their online risks. The IdP does not share the user's credential data with the service provider; it sends only an access token that confirms the user's identity.
BYOI can potentially lead to better security. This is because service providers use the IdP's identity structure rather than using their own. An IdP such as Microsoft or Apple can typically implement much more extensive security than what other service providers might be able to achieve or afford. This can be especially true for startups or smaller organizations with limited budgets.
In some cases, BYOI can help a service provider address compliance and privacy issues. This is because the IdP is managing and storing the user's credentials, not the service provider. However, this is an advantage only in certain circumstances, which are dictated by the applicable regulations. It is also possible for BYOI to make privacy compliance more difficult.
BYOI lowers the administrative overhead that comes with identity management. This helps to reduce the service provider's operating costs, while freeing up more time to focus on mission-critical objectives. Additionally, the service provider does not have to invest in the software and hardware needed to support in-house identity management.

Despite the benefits that BYOI offers users and service providers, the strategy also comes with its own concerns. To begin with, users might not want to cede more of their private information to behemoth IdPs that make a point of collecting whatever details they can about their users. For example, if Google is used to register with TikTok, Google knows that the user has created a TikTok account, what account information was provided when registering for that account, and when and how often the user visits TikTok.

Another issue is that the service provider has no control over the identity and access management (IAM) process, outside of handling the IdPs access tokens. This could be problematic if the service provider is governed by data privacy laws that require an organization to maintain strict control over sensitive data. In addition, a service provider might run into support issues if BYOI login attempts fail. The IT team might be able to track down the problem, but if it rests with the IdP, resolving the issue could be difficult and time-consuming.

Perhaps the biggest concern with BYOI is that it represents a single point of failure and a potentially significant security risk. If the IdP's systems go down, users are not able to use their credentials to log on to other registered sites. Worse still, if the IdP's systems and data are compromised as a result of a cyber attack, user data could be exposed, providing cybercriminals with access to multiple accounts rather than just one. The criminals might also be able to access other sensitive data that they can use themselves or sell to the highest bidder.

BYOI might also be called federated authentication or sometimes abbreviated as BYOID.

Explore five IAM trends shaping the future of security, and see how to navigate the new social media landscape. Learn the differences between identity management vs. authentication. Check out four essential IAM best practices.

This was last updated in August 2023

Continue Reading About BYOI (bring your own identity)

Why identity is the central problem for the future of the internet

Federate and secure identities with enterprise BYOI

The top 7 identity and access management risks

How does an identity and access management framework work?

How IAM systems support compliance

Dig Deeper on Application and platform security

Search Networking

How AIOps enables next-generation networking
As networks grow more complex, management becomes more difficult. AIOps can help network administrators transition to and manage ...
BGP routing: A configuration and troubleshooting tutorial
BGP is the internet's core routing protocol, enabling communication between ISPs and large networks. This guide covers its ...
Cisco Live 2025 conference coverage and analysis
Cisco Live 2025 will largely focus on the need to modernize infrastructure with AI capabilities. Use this guide to follow along ...

Search CIO

Proposed U.S. budget cuts raise fears about tech innovation
President Donald Trump's proposed FY 2026 budget slashes funding for federal agencies, including NSF and NIST, which support tech...
RIT showcase offers glimpse of early tech innovation cycle
Connected vehicle security, AI and 3D printing were among the technologies featured at Imagine RIT, an annual exhibition focusing...
Contempt order worsens Apple's antitrust woes
A federal judge found Apple to be in contempt of an injunction ordering the company to make access to alternative payment options...

Search Enterprise Desktop

How to create a custom Windows 11 image with Hyper-V
When administrators can deploy Windows systems in many ways, creating a custom VM with Hyper-V enables them to efficiently deploy...
End users can code with AI, but IT must be wary
The scale and speed of generative AI coding -- known as vibe coding -- are powerful, but users might be misapplying this ...
10 troubleshooting steps for when Windows Update is frozen
When a Windows desktop is frozen and can't update, there could be many causes. The troubleshooting process can be complicated, ...

Search Cloud Computing

Get started with Amazon Q Developer
Amazon Q Developer is a versatile tool for software development, offering code generation, optimization recommendations and ...
HPE adds Morpheus Data to KVM hypervisor for enterprises
A KVM hypervisor by Hewlett-Packard Enterprise evolves with technology and capabilities from Morpheus Data, an HPE acquisition, ...
Gain insights with Enhanced Monitoring in Amazon RDS
RDS Enhanced Monitoring provides teams with additional data visibility to improve database scalability, performance, availability...

ComputerWeekly.com

Connectivity kicks in for Sunderland at the Stadium of Light
Sunderland AFC enhances high-demand density connectivity coverage, capacity and performance across stadium involving leading ...
Chinese cyber spooks lure laid-off US government workers
A Washington DC-based think tank has published evidence that Chinese intelligence services have been running a network of digital...
Trump visit bolsters Saudi AI
A new AI datacentre is among the initiatives the White House announced during the president’s Middle East visits

Close