Digital credentials are a secure way to verify a person’s identity in a computer system. Digital badges, digital certificates and other online credentials allow users to authenticate themselves without needing to carry paper credentials, such as a driver’s license or employee badge.
Digital credentials can also verify a person’s specific skills and accomplishments, such as completing a course or degree program. They are used by a variety of organizations, including businesses, nonprofits, educational institutions and training providers.
In cybersecurity, digital credentials can help reduce the risk of identity-based cyberattacks. Threat actors today often find it easier to hijack valid accounts than to hack into a system. The IBM® X-Force® Threat Intelligence Index found that the misuse of valid accounts is cybercriminals’ most common entry point into victim environments, accounting for 30% of all incidents.
Digital credentials can take the place of passwords and other authentication factors that hackers can easily crack. To take over an account, the attacker would need to steal the digital credential—which is much harder to do than brute-forcing a password. Digital credentials are also difficult to counterfeit, as they are often protected by measures such as encryption or blockchain-based verification.
Digital credentials are often designed, created, delivered, managed and revoked by the issuing organization on an enterprise-grade digital credential platform.
Application programming interfaces (APIs) allow these platforms to connect with other services so that the credentials can verify a user’s identity across multiple systems. Users can sometimes share their credentials manually through links, QR codes, digital files, apps and a blockchain.
Digital credentials are available in multiple forms, specialized for different environments and functions. Common types include:
Digital badges are often used as proof of a credential earned, such as completing a course of study. They can also be used as proof of identity or attendance at events and conferences.
Digital badges usually take the form of a digital image or icon containing metadata such as the issuer’s name, recipient’s information, badge details and verification methods. Badges are often authenticated using cryptographic signatures.
Microcredentials are a type of digital badge used to verify smaller-scale accomplishments, such as completion of a webinar or individual modules in online courses. Microcredentials enable learners to focus on the specific modules of a larger course with the most valuable professional development or learning outcomes.
Open Badges are digital badges that adhere to the Open Badges standard originally developed by the Mozilla Foundation. The standard supports badge interoperability across an ecosystem of websites and applications, including social media platforms such as LinkedIn and integrations with email signatures.
The standard specifies a common metadata format and methods for sharing that metadata, such as by embedding it within an image. It also includes a mechanism for validating badges through cryptographic signatures.
The term “digital certificate” can refer to two distinct kinds of credentials: those that verify a person’s accomplishments and those that authenticate users and devices.
Accomplishment-based digital certificates generally signify the same kinds of competencies as paper certificates, such as diplomas. One of the key differences between digital badges and certificates is that certificates usually involve more effort, such as completing a degree program at an educational institution, finishing a professional certification program or earning membership in a professional organization.
Some types of digital certificates are used to identify and authenticate users, servers, services, computers, smartphones and Internet of Things (IoT) devices. These certificates are issued by a trusted certificate authority and contain unique descriptors of their holders, which are used to verify the holder’s identity. Digital certificates use public key cryptography to authenticate certificates and prevent theft or forgery.
Some organizations and credential providers use blockchain technology—a shared, immutable ledger—to help ensure that credentials are not forged or stolen. Digital credentials stored on the blockchain cannot be altered and can be verified by anyone with access, which helps build trust among all stakeholders.
The issuer—such as an educational institution or an enterprise security team—creates a digital credential to certify the identity or qualifications of a holder. The details of the credential are recorded on the blockchain.
The holder stores their credential in a digital wallet. When the holder needs to verify their identity or some other assertion, they present the digital credential. The verifier—whoever needs to authenticate this holder—can check the credential against the public blockchain record to ensure its validity.
Verifiable digital credentials are not exactly a distinct type of credential, but an approach to creating secure, reliable credentials. Verifiable credentials are credentials that have some built-in way to be verified, such as a QR code that can be scanned to access verification information or a cryptographic signature from a trusted authority.
Any of the other credential types listed here can be considered verifiable digital credentials as long as they meet this requirement.
Some verifiable digital credentials adhere to the Verifiable Credentials standard from the World Wide Web Consortium. These credentials follow a structured approach for using JSON or JSON-LD to define characteristics such as issuer ID, holder attributes and cryptographic proof for authenticating the credential.
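The issuer ID, holder attributes and cryptographic proof described above can be checked by a verifier in a few steps. The following is an added example, not code from the original page or from the W3C specification: the field names loosely follow the Verifiable Credentials data model, while the proof type `ExampleEd25519Proof`, the sorted-key serialization, the `did:example:` identifiers and all function names are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Deterministic serialization with sorted keys: a simplified stand-in for the
// canonicalization step of a real proof suite (assumption, not the W3C algorithm).
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map((k) => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

// Issuer: sign the credential body and attach the signature as the proof.
function issueCredential(body, issuerPrivateKey) {
  const sig = crypto.sign(null, Buffer.from(canonical(body)), issuerPrivateKey);
  return { ...body, proof: { type: 'ExampleEd25519Proof', proofValue: sig.toString('base64') } };
}

// Verifier: the issuer must be on the trust list, the signature must cover the
// body exactly as received, and the credential must not have expired.
function verifyCredential(vc, trustedIssuers, now = new Date()) {
  const { proof, ...body } = vc;
  const issuerKey = trustedIssuers.get(vc.issuer);
  if (!issuerKey) return 'untrusted issuer';
  if (!proof || typeof proof.proofValue !== 'string') return 'missing proof';
  const sigOk = crypto.verify(null, Buffer.from(canonical(body)), issuerKey,
    Buffer.from(proof.proofValue, 'base64'));
  if (!sigOk) return 'bad signature';
  if (body.validUntil && new Date(body.validUntil) < now) return 'expired';
  return 'valid';
}

// Constructed sample data: issuer key pair, identifiers and claims are made up.
const issuer = crypto.generateKeyPairSync('ed25519');
const trustedIssuers = new Map([['did:example:university', issuer.publicKey]]);
const credential = issueCredential({
  type: ['VerifiableCredential'],
  issuer: 'did:example:university',
  validUntil: '2034-01-01T00:00:00Z',
  credentialSubject: { id: 'did:example:holder', degree: 'BSc Computer Science' },
}, issuer.privateKey);
const tampered = { ...credential,
  credentialSubject: { ...credential.credentialSubject, degree: 'PhD' } };

console.log(verifyCredential(credential, trustedIssuers));
console.log(verifyCredential(tampered, trustedIssuers));
```

A production verifier would also check revocation status and use a standardized proof suite instead of this simplified signature format.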
Digital credentials can facilitate verification processes in a variety of situations, including corporate, customer service and legal systems.
For example, with credentials on a smartphone app, an individual can prove their identity at airports, during traffic stops or when purchasing alcohol. New York State has launched just such a digital identity app in cooperation with the US Transportation Security Administration (TSA).[1]
In the financial sector, digital credentials can strengthen and streamline identity verification for activities such as money transfers and account management. Tamper-proof credentials can be both more convenient and more reliable than passwords or other authentication factors, which can be forged or stolen.
In government, digital credentials enable citizens to verify themselves so they can collect benefits and file taxes. Governments can trust that these citizens are who they say they are before releasing information or delivering services.
Digital credentials can represent professional licenses and certifications, enabling individuals to easily prove their qualifications and competencies to potential employers.
Credentials can validate nearly any assessment, credentialing program or professional learning experience, from coding boot camps to medical licenses. Higher-education institutions might also use them to validate degrees and diplomas.
Less scrupulous job seekers have been known to fabricate achievements. Requiring verifiable digital credentials as proof can help employers spot them.
Digital credentials can help facilitate data-sharing while complying with data privacy regulations such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA).
For example, some digital credentials allow for selective information sharing. Consider a digital credential in a healthcare setting, which might contain data about a patient’s identity, insurance coverage, demographics and medical history.
With selective sharing, a patient could use this credential to confirm insurance coverage without also disclosing their medical history. The same credential could be used to confirm vaccine status or prescription history, too. In each scenario, only the necessary information is shared. Irrelevant data is kept private, which protects the credential holder and helps the organization comply with data privacy regulations.
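One common way to build the selective sharing described above is to have the issuer sign salted hash commitments to each claim instead of the claims themselves, so the holder can reveal any subset. The following is an added example, not code from the original page or from any specific credential product: the function names, the insurer key pair and the patient data are all constructed assumptions.

```javascript
const crypto = require('node:crypto');

// Salted commitment to one claim. The random salt stops a verifier from guessing
// undisclosed low-entropy values (such as a yes/no status) by hashing candidates.
const commit = (d) => crypto.createHash('sha256')
  .update(JSON.stringify([d.salt, d.name, d.value])).digest('hex');

// Issuer: sign only the sorted list of commitments, never the raw claims.
function issueSelective(claims, issuerPrivateKey) {
  const disclosures = Object.entries(claims).map(([name, value]) =>
    ({ salt: crypto.randomBytes(16).toString('hex'), name, value }));
  const digests = disclosures.map(commit).sort();
  const signature = crypto.sign(null, Buffer.from(JSON.stringify(digests)), issuerPrivateKey)
    .toString('base64');
  return { signed: { digests, signature }, disclosures };
}

// Holder: forward the signed commitments plus only the chosen disclosures.
function present(credential, names) {
  const disclosures = credential.disclosures.filter((d) => names.includes(d.name));
  return { signed: credential.signed, disclosures };
}

// Verifier: check the issuer signature, then accept a claim only if its
// commitment is in the signed list. Returns the verified claims.
function verifyPresentation(presentation, issuerPublicKey) {
  const { digests, signature } = presentation.signed;
  const sigOk = crypto.verify(null, Buffer.from(JSON.stringify(digests)),
    issuerPublicKey, Buffer.from(signature, 'base64'));
  if (!sigOk) throw new Error('issuer signature invalid');
  const claims = {};
  for (const d of presentation.disclosures) {
    if (!digests.includes(commit(d))) throw new Error(`claim ${d.name} not signed`);
    claims[d.name] = d.value;
  }
  return claims;
}

// Constructed sample data for the healthcare scenario in the text.
const insurer = crypto.generateKeyPairSync('ed25519');
const patientCredential = issueSelective({
  name: 'Alex Example',
  insurancePlan: 'PLAN-A active',
  vaccinated: true,
  medicalHistory: 'constructed record',
}, insurer.privateKey);
const shown = present(patientCredential, ['insurancePlan']);
console.log(verifyPresentation(shown, insurer.publicKey));
```

The verifier learns that four claims exist but sees only the insurance plan; the other three remain opaque digests.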
Credentials are often seen as a method for verifying the identity of a person, but they can also be used to authenticate physical assets and resources.
For example, a company can use a blockchain to credential their products. Credentials can include information such as country of origin, product quality, regulatory compliance data and more. People and organizations can then use these blockchain-based credentials to verify the authenticity of products and combat counterfeiting.
Verifiable digital credentials can help strengthen identity and access management (IAM) systems.
IAM systems rely on authentication factors—such as passwords and security keys—to verify users’ identities so they can receive the appropriate system access permissions. However, threat actors can steal or forge these factors with relative ease, allowing them to gain and abuse permissions they shouldn’t have.
Digital credentials offer an alternative. These credentials can be automatically shared and securely verified using cryptographic signatures, granting access to authorized users while detecting and blocking forged or stolen credentials.
Digital credentials can also make identity verification faster and almost frictionless compared to traditional credentials.
When digital credentials are integrated into existing systems and workflows, users do not have to remember anything or carry any special objects or devices. Instead, they can share digital credentials through APIs, links and QR codes, making authentication almost automatic.
Artificial intelligence (AI) and machine learning (ML) can help speed identity verification even further—for example, by automatically cross-referencing credential data with trusted databases and looking for signs of tampering.
Organizations can also outsource credential administration to a third-party service, such as Credly, for further time and cost savings.
Digital credentials can also simplify customer identity and access management (CIAM), enhancing the user experience (UX).
Instead of cumbersome log-in processes, customers can use digital credentials to authenticate themselves and gain access to their accounts. This more convenient process has the potential to encourage more user sign-ups. Customers are generally more willing to register with an organization if the barrier for doing so is low.
The organizations and educational institutions that grant credentials might cease operations, which can make it difficult to verify paper credentials such as diplomas.
Digital credentials, however, can be independently authenticated—especially if they use decentralized methods such as a blockchain. They can remain usable and reliable long after issuing institutions have shut down.
[1] Governor Hochul Announces Launch of New York Mobile ID, New York State, 11 June 2024.