“You are what you do”

Verify identity by checking things that have been done by a user, just like "aren't you the one who were waiting in line with me for a taxi yesterday at the station? we discussed the NBA season, didn't we?" – wouldn't that be much better than an endless list of usernames, keycodes, PINs and passwords?

This is the promise made by a new approach in identity management, relying on the huge amount of tiny crumbs of information that we left behind every time we perform an action on a service platform. Reality mining, as it is called by the MIT Media Lab research group, is indeed a fascinating subject but I believe that it is better suited for the creation of a new generation of recommendation systems, based on both conscious and unaware behavioural patterns.

Many questions arise: some are related to data ownership, such as the concerns about where all this personal information should be stored and the related privacy issues. But there ones which are specific to identity management: if I use a digital device (such as a cellphone) to store this information, shouldn't I protect it?  And, most of all, what if the safety of my credentials is compromised? After all, a password can be reset – but what about my past actions?