Definition

BYOI (bring your own identity)

By

Robert Sheldon
Sharon Shea, Executive Editor

What is BYOI (bring your own identity)?

BYOI (bring your own identity) is an approach to digital authentication in which an end user's username and password are managed by a third party.

BYOI is increasingly being used for website authentication. Instead of requiring visitors to create new usernames and passwords during the registration process, the website enables them to log in with their credentials from services such as Facebook, Apple, Microsoft, Google or Amazon. Figure 1 shows the TikTok login screen, which lets users log in with a variety of accounts.

TikTok BYOI login page — Figure 1. An example of BYOI is the TikTok login screen. It enables users to log in using a variety of third-party accounts.

After a user creates an account with a service provider such as Google or Apple, the user can then log in to any other service that accepts the provider's login credentials. In effect, the service provider acts as an identity provider (IdP) that enables third-party service providers to accept the IdP's credentials on behalf of their users. To accept the credentials, the service providers must update their web applications to interface with the IdP and accept the logins.

An IdP does not have to be a social media platform or a vendor like Apple or Microsoft. It might be a government, bank, mobile network operator or standalone service that specializes in identity management. For example, a number of European governments have set up their own identity services. The U.S. government has not, but it has established Login.gov, which provides a secure sign-in service for participating government agencies.

The login process itself is fairly straightforward, although it might vary from one IdP to the next. For example, if a user tries to log in to TikTok and clicks the Continue with Apple option, a small window opens that links directly to Apple.com. Here, the user is walked through the process of entering an Apple ID, password and any other information required to verify the account or prepare for connecting to TikTok. After the user has completed this process, Apple sends an access token to TikTok that confirms the user's identity. The user can then access the TikTok service.

What are the advantages and disadvantages of BYOI?

Many service providers now offer BYOI sign-in capabilities, and the numbers continue to grow. This trend is driven in large part by the advantages that BYOI offers to both the providers and their users, including the following:

BYOI makes the process easier for users. They don't have to track their credentials for each online service they use, reducing password fatigue and reuse. BYOI also simplifies password management for users and makes it easier for them to log in to a site from different devices.
A site's registration process becomes much easier for users. As a result, they're less likely to abandon the registration process because it seems too cumbersome. Users might also be inclined to trust a lesser-known service because the login process invokes well-known entities, such as Apple or Microsoft.
Users share their personal information with fewer providers. This helps to protect their privacy and reduce their online risks. The IdP does not share the user's credential data with the service provider; it sends only an access token that confirms the user's identity.
BYOI can potentially lead to better security. This is because service providers use the IdP's identity structure rather than using their own. An IdP such as Microsoft or Apple can typically implement much more extensive security than what other service providers might be able to achieve or afford. This can be especially true for startups or smaller organizations with limited budgets.
In some cases, BYOI can help a service provider address compliance and privacy issues. This is because the IdP is managing and storing the user's credentials, not the service provider. However, this is an advantage only in certain circumstances, which are dictated by the applicable regulations. It is also possible for BYOI to make privacy compliance more difficult.
BYOI lowers the administrative overhead that comes with identity management. This helps to reduce the service provider's operating costs, while freeing up more time to focus on mission-critical objectives. Additionally, the service provider does not have to invest in the software and hardware needed to support in-house identity management.

Despite the benefits that BYOI offers users and service providers, the strategy also comes with its own concerns. To begin with, users might not want to cede more of their private information to behemoth IdPs that make a point of collecting whatever details they can about their users. For example, if Google is used to register with TikTok, Google knows that the user has created a TikTok account, what account information was provided when registering for that account, and when and how often the user visits TikTok.

Another issue is that the service provider has no control over the identity and access management (IAM) process, outside of handling the IdPs access tokens. This could be problematic if the service provider is governed by data privacy laws that require an organization to maintain strict control over sensitive data. In addition, a service provider might run into support issues if BYOI login attempts fail. The IT team might be able to track down the problem, but if it rests with the IdP, resolving the issue could be difficult and time-consuming.

Perhaps the biggest concern with BYOI is that it represents a single point of failure and a potentially significant security risk. If the IdP's systems go down, users are not able to use their credentials to log on to other registered sites. Worse still, if the IdP's systems and data are compromised as a result of a cyber attack, user data could be exposed, providing cybercriminals with access to multiple accounts rather than just one. The criminals might also be able to access other sensitive data that they can use themselves or sell to the highest bidder.

BYOI might also be called federated authentication or sometimes abbreviated as BYOID.

Explore five IAM trends shaping the future of security, and see how to navigate the new social media landscape. Learn the differences between identity management vs. authentication. Check out four essential IAM best practices.

This was last updated in August 2023

Continue Reading About BYOI (bring your own identity)

Why identity is the central problem for the future of the internet

Federate and secure identities with enterprise BYOI

The top 7 identity and access management risks

How does an identity and access management framework work?

How IAM systems support compliance

Dig Deeper on Application and platform security

Networking

How low Earth orbit satellite networks improve internet access
Compared to traditional satellite setups, LEO satellite internet provides several benefits, such as low latency, reduced costs ...
Cisco makes big splash with Splunk
The integration of Cisco and Splunk could result in a full-stack offering that provides comprehensive visibility across ...
Cut through 5G hype with the latest insights
Network complexity has made 5G difficult for telecom providers to enable, which has delayed global development. These insights ...

CIO

U.S. government shutdown would crush CHIPS Act momentum
A U.S. government shutdown would significantly impact implementation of the CHIPS and Science Act of 2022 as federal workers ...
6 alternatives to blockchain for businesses to consider
Technologies like cloud storage and distributed databases provide some of blockchain's data-integrity and reliability advantages ...
Why cloud governance is shifting to business stakeholders
Balancing value creation with innovation is a constant challenge for organizations. Here's what to consider when evaluating the ...

Enterprise Desktop

Using the Intune management extension for PowerShell scripts
Intune and PowerShell have a lot of unique management actions they can take, but with the help of the Intune management extension...
Intel promotes new computing era with AI PC
Intel says its upcoming Core Ultra will help lead personal computing to the AI PC era by making AI processing a mainstream task ...
4 ways that I use generative AI as an analyst
Many use cases for generative AI involve projecting to the future and aren't currently easy to use. However, these four use cases...

Cloud Computing

What does a cloud network engineer do?
A cloud network engineer juggles a number of responsibilities -- from network design and troubleshooting to learning about ...
3 rules to avoid high multi-cloud integration costs
When using multiple cloud providers, integration costs can grow quickly. To prevent billing surprises, enterprises must carefully...
Oracle databases in OCI now run on Microsoft Azure
A new partnership between two enterprise technology giants adds Oracle's hardware and software for Microsoft Azure customers, as ...

ComputerWeekly.com

Care responsibilities excluding women from tech, says TTC
A lack of flexibility at work is causing many women to leave their jobs, or leave the sector entirely, according to research by ...
Casi gets into gear with Hyundai to bring car subscriptions to Europe
Case teams with Hyundai to see its car subscription tech platform be the provider of all technical aspects needed to scale Mocean...
Visa to fund AI scholarships for underrepresented students in government scheme
Payments giant supports UK scheme to increase diversity in the data and artificial intelligence sector through funding

Close