This week’s Q&A is with Cyrille, our Head of Mobile. He is one of the very first members of the Yoti team and oversees all aspects of the Yoti app.
Yoti lets you prove who you are, online and in person. It’s your ID on your phone and can be used in many situations – at a gig, at a nightclub, at a supermarket, on websites – it really will make your everyday life so much easier. It also lets you leave your precious documents safe at home – there’s no need to carry these around with you whenever you need to prove your identity.
The identification problem. We often need to prove our identity to show that we are allowed to do something, such as get into a nightclub or buy a bottle of wine, but currently we have to show paper documents and reveal so much information about ourselves. Yoti makes it far easier and safer to prove who we are, and just show the information needed for that situation, rather than reveal our whole identity.
Anonymous age verification. I think this will be such a great feature for many people. In fact, this is already being used by the NSPCC to let young people anonymously prove they are under 18 in order to have sexually explicit images of themselves removed from the internet. I also think that giving everyone, especially those in developing countries, the chance to have a free, simple and secure identity could change millions of lives for the better.
It’s the first digital identity app that allows people to prove their identity both online AND in person. And you can even use it to check the identity of people you meet online. That’s pretty cool.
If I’ve done my job right, we’ve developed the app so the actual day to day use of Yoti is as simple as possible. There’s a lot of clever technical stuff and security going on in the background but hopefully we’ve designed it in a way that anyone can quickly understand how to use it. It’s been challenging building an app which has so much security, which also puts the user in complete control, and is easy to use. It’s been hard to find the right balance, but fingers crossed we’ve done a decent job!
It depends which phone you have – on Android it’s 20MB, and on iPhones it’s currently 80MB, but we’re working to reduce this. But, it’s definitely worth it for the extra space in your wallet or pocket for leaving your ID documents safe at home on a night out.
If someone else had your phone, in order for them to access your Yoti app they would firstly need to know the PIN to your phone (or have their fingerprint registered to your phone). They would then need to know the PIN to your Yoti app. Our system only allows someone to make so many attempts at the PIN before they are locked out of the account. For every wrong guess, the length of time you are locked out increases so someone can’t make brute force attacks against your PIN, they have to try each guess one by one. For example, we allow you 3 attempts and then you’re locked out for 5 minutes. If you get the PIN wrong again once those 5 minutes are up, you’re then locked out for 15 minutes.
In some situations when a higher level of security is required, the Yoti app may also ask the user to take a live selfie. If someone else had your phone and gained access to your Yoti app, their selfie would fail as it wouldn’t match the one you took when you created your Yoti account or the photo on your ID document.
If you delete the app without deleting the account first, your data will stay encrypted within the Yoti system. All you’ve done is remove access to your data and account because only you have access to your this with your phone. This is very similar to other apps – for example, if you delete the Facebook app off your phone, you still have a Facebook account – you’ve simply deleted the app. This is why we have Account Recovery and advise everyone to backup their account, so if you reinstall Yoti and have backed up your account first, you can access your account again. If you reinstall the app after deleting it and have not backed up your account, then you will not be able to access your account again.
I believe it’s really secure! We would not have released the app if we weren’t confident it had the strongest measures in place to protect our users.
We use different types of encryption and the best practice in encryption – using the strongest algorithms and the strongest length of encryption keys. When data is shared between two people, or between a person and a business only they can see the data. This is because both parties need to have Yoti in order to access the data, so the information always stays within the Yoti ecosystem. Additionally, information is always sent with many layers of encryption so we’re very confident no one can intercept this data.
The way we store user’s data is also very very secure. Let’s imagine that each piece of your personal data, your name and address for example, is placed through a different shredder. Each piece of the shredded information is then stored in a different safe which only you have the keys to. This is exactly how we store user data – each piece of a user’s personal information is encrypted, separated and securely stored, and only they have the keys needed to access and decrypt their data.
Basically a 4 digit PIN is too common. We wanted to give people a more secure login given Yoti is their digital identity app.
We don’t think it’s right to ask the user up front to add their passport or driving licence. It’s their choice whether they would like to add these documents and when to add them. We also encourage and promote data minimisation, i.e. asking for the right amount of data when it’s needed to accomplish something, rather than asking for lots of unnecessary information up front. We think it’s right to start with the minimum but necessary information, and then build up your account from there. Of course if someone wants to add their ID document right from the start then that’s great!
Depending on what someone is using Yoti for, they may only ever need to share a mobile number or email, in which case they wouldn’t ever need to add an ID document. However, if someone wants to use Yoti to prove their age to get into a nightclub or to buy alcohol from a supermarket, then they would need to add their passport or driving licence because we need verify their date of birth. There will also be some people who do not have a passport, and we don’t want to exclude them from using certain features of Yoti which don’t require an ID document, such as Yoti Password Manager.
Yes, it will always be free for consumers to prove their identity with Yoti. It’s your data so why should you be charged to use it?!
Security, ease of use, and data control.
We’re making the account creation process smoother – we’re continually improving the app to make the user experience the best it can be. We’re working on improving the homescreen of the app so it is more dynamic and personalised for users. For example it will show the progress of their account (i.e. which ID documents they have added), include new features, and explain the latest places they can use Yoti. Hopefully this will help people get the most out of the app. We also recently launched our first version of Yoti Password Manager. This version is only available on desktop browsers but we’re developing a version for mobile. Watch this space!
It will let you leave your valuable ID documents at home and prove your identity with Yoti, a much safer and easier way. You can get into a nightclub without showing that cringe-worthy passport photo or revealing your embarrassing middle name! Yoti lets you prove your identity, your way. Okay that was more than one sentence…
Working with some of the most talented people in Europe in order to actually make a difference in people’s life. Being part of a company that actually cares about doing things the right way for the right reason (hence us not being technically able to see your data if you don’t share it with us).
If you have any other questions about the app which you’d like Cyrille to answer, then please get in touch.