Okay. It’s time to go off script with this post and I’m not even sure that anyone will ever read it. For years I’ve been writing a weekly blog that’s released every Tuesday. Well, it’s now Thursday and I’ve released nothing. It’s not that I haven’t written a post; in fact, I’ve completed several. However, I’ve lost access to our customer relationship management system (CRM) that sends my Talk Tuesday emails.
How can this happen? Unfortunately, quite easily since I do not control my own online identity.
Lost and Found
Losing access to critical business systems is an all-too-common occurrence if our identities are tied to third-party administrators who broker our connections. For me it’s a simple problem: I’m travelling in Europe and I replaced my Canadian SIM data card with a European one to access the Internet and accomplish all the routine things I do every day, like this blog post.
The problem arises because when you change your SIM card, your phone number changes too, and that number is one of the critical identifiers used to provide an extra layer of security. Usually, that ‘Two Factor Authentication’ security layer is a good thing, but it certainly isn’t when you can no longer receive the special single-use code they text to your original cell number to enable access.
It’s not your identity, it’s mine
The fact that our identity is not issued or controlled by us means that we are all subject to the cyber-security rules applied by our service providers. Our identity hasn’t changed – we are still us, but we must work within someone else’s ruleset to access a service for which we pay. This makes no sense to me. If I want to have unfettered access to critical business systems, why don’t I control how I facilitate that access?
I lost access to my CRM because I cannot access my Canadian phone number in Europe, and I cannot update the phone number used to text me the One Time Passcode without – access! Furthermore, if I decide to insert my Canadian SIM card for a few minutes, I’ll incur all the hideous roaming and activation charges necessary to use it in Europe.
I sent an email to my CRM’s support desk asking them to disable the need to enter an OTP code, then waited over 24 hours. Here’s the response I finally received:
Please answer the following questions to verify the authenticity of the claiming account. Based on your response, we will help you to retrieve your CRM account.
- Provide us the screenshot / forward the welcome email or TFA activation email which you have received from us.
- Mention the mobile number that is added under the account.
- When was the last time/date you changed the account password?
Honestly, who has this type of obscure information at their fingertips? How many people even know what a TFA activation email is? Imagine being on a business trip and you’re preparing for a big pitch, but you cannot access your presentation. You request help from your provider’s helpdesk and the response you receive is hardly helpful.
I get it: online service providers are responsible for the security of my data, and to protect my account from unauthorized access they must control my identity. However, this old-world thinking and technology creates problems by making all of us slaves to an identity that we don’t control.
Stop this merry-go-round, I wanna get off!
This connection between identity and access costs business billions of dollars a year in lost opportunity and in the direct labor costs of maintaining a team of IT helpdesk specialists. Those specialists constantly reset passwords so that employees can regain access to the critical services they need to generate the revenue that pays for those helpdesks. The merry-go-round continues.
If our identity were separated from our access, each of us would be able to determine our own means of accessing the services we use every day, and all those helpdesk specialists who spend so much time resetting passwords could accomplish far more important tasks.
I still don’t have access to our CRM, so I don’t know if you’ll ever read this. But I’m going to take a chance and digitally drop this message via various platforms. Perhaps someday someone will get my message as it washes up on a faraway cyber-beach. At least I know the Internet ocean will always carry my message in a bottle somewhere…