The good news is that DIDs are as secure as they get. The bad news is that each individual user is responsible for their own security. In the end, it again comes down to how well users are educated and how well they know how to handle the private keys that hold access to their information.
There are two important security concepts that everyone needs to be aware of with DIDs. The first is how to take care of your actual decentralized identifier, and the second is how to store your data in the verifiable claims.
The DID itself is actually a private key that can be stored as a seed phrase in the same way as your blockchain wallet. This part of the digital identity is stored on chain, and if you lose it, you lose your identity.
For ease of use, private keys are mostly just stored on your device. They are encrypted and can be decrypted using standard on-device authentication methods like biometrics, passwords or similar. This avoids placing the greater responsibility of storing private keys on the end user and doesn’t require any special knowledge besides knowing how to use your phone. But it does come at the expense of having the DID bound to only that device. You lose your device; your ID is gone.
We need to find better solutions for this, and there are already ideas for restoring your DID through social backup, where a few selected and trusted friends or family members each hold a part of your private key.
A problem again arises with how to store the actual claims. They can amount to quite a large volume of data that is sensitive in nature, which means that storing it online in a persistent manner is not advisable, even if properly encrypted. With time, every encryption can get broken, and at that point you want to be able to delete your sensitive information and use new encryption algorithms to secure it. This means that actual personal data should never be stored on chain.
If you made it this far, you should know enough to be able to make up your mind. Not everyone may agree with me, but I think there is a clear direction we need to go with identities. They should give control over your data back to you. They should allow for transparency, privacy and in certain cases even anonymity. And they should use blockchain technology to achieve this, with the highest security standards in mind.
This is how we are implementing digital identities at 3air.
There are still certain challenges that need to be solved, like full decentralization of DIDs and how to make them easier to use and adopt, but I do think we are at the point where they can start to be implemented and refined based on the feedback of early adopters.
Our current version of official IDs is not going away any time soon, but running DIDs in parallel is for sure possible. It just makes the world a better place and has the potential to change how we think about digital ownership. It can even revolutionize social and political systems. Either way, we are overdue for a makeover in that area.