An entity (e.g., an individual or a business) can have an online identity based on a variety of information or characteristics about the entity, the assets associated with the entity, or devices associated with the entity. The online identity can be used by an online service to distinguish the entity from other entities prior to a transaction, via the online service, between the entity and the online service.
Different identity sources or forms of identification can be used to provide proof of an online identity. For example, an individual can have several different forms of identification including personally identifiable information (e.g., a driver's license number, a social security number, etc.) or biometrics (e.g., a fingerprint). A server running an online service can request a combination of identification sources from a computing device associated with a remote entity for verifying the online identity of the remote entity prior to the server providing the remote entity with a product, service, or access to sensitive information. Different online services can request different forms of identification. For instance, a server running a website for a loan provider may request information such as a social security number, a name, and a credit history, while a server running a website for a rental car provider may request a driver's license number, a credit card number, and a home address.
Some of the identification sources can have a long life. For example, a social security number or a mailing address may be associated with a given individual over many years. Thus, providing multiple sources of identification having long lives to online services can expose an entity to a risk of identity theft if electronic communications of these identification sources are intercepted by parties other than the online services.