There are now more than 20 different types of online credentials that employers, educational institutions, and companies seek to verify. Some of these attestations are absolutely necessary to verify your identity (e.g., the company you work for wants to verify that you’re actually an employee). Others are used more as a tool to verify your identity (e.g., an educational institution wants to make sure that you’re a real person before awarding you a degree). Still, others exist solely to allow companies to track the individuals that they’ve hired (e.g., a staffing agency wants to make sure that the companies that they place workers with do not share any of their information with unauthorized parties).

Because of the diverse nature of these credentials, and the fact that some of them can be easily and quickly faked, it can be quite difficult to verify their authenticity. If you’re receiving one of these online attestations and you’re wondering whether or not it’s genuine, here are some helpful tips on how to tell if an online credential is legitimate or not.

Look For The Signs Of A Legitimate Credential

As the name implies, a legitimate online certificate will have a valid certificate authority (CA) behind it. In most cases, you’ll also be able to determine whether or not a particular certificate is legitimate by looking at the URL associated with the certificate. When you encounter a certificate that has a valid CA and was issued for a legitimate business or institution, you can be reasonably sure that it’s a legitimate credential and not something forged by a malefactor.

If the certificate authority is unknown or fake, or if there’s no indication that the site is legitimate (e.g., it’s a domain that was spoofed to look like a reputable institution), you should assume that the certificate is suspicious and might be a forgery.

Beyond that, you can look for various telltale signs that might give you an indication of whether or not to trust a particular certificate. For example, if you encounter a certificate with a known fraudulent CA or if the site seems suspicious in any way (e.g., the address is fake or the certificate was issued for a different business or website), you should assume that the certificate is fraudulent.

When you encounter a certificate for which you don’t have the answer to “who certifies it”, “why it was certied”, or even “where it was issued”, it usually means one of two things:

Either The Entire Credential Is Suspect

If you encounter a multi-part piece of information, such as an email or a password, and you don’t know what it belongs to or why you need it, it’s usually a sign that everything attached to it is suspect. If you do need the information, contact the site that you believe the data came from and ask them for extra clarification.

Or, You Found A Copy Of A Legitimate Credential

If you find a copy of a legitimate credential on the web (e.g., a company website that was hacked and the credentials were posted), you should assume that the original still exists and is being kept by the organization it was issued to. If you believe that you’ve found a copy of a legitimate certificate, take a little time to look for and report any suspicious activity regarding the original. It’s also a good idea to change your password as soon as possible once you’ve verified that it has not been compromised.

To help you determine what type of certificate you should associate with a particular individual, website, or company, let’s take a quick look at some of the more widely used ones…

Determining What Type Of Certificate To Associate With A Given Entity

When determining what type of certificate to associate with a given entity, you must first decide what form that authentication will take (i.e., what will be the outcome of verifying your identity). Next, you will want to know what information the entity has on record about you. This is known as your personal data or profile. For example, if you encounter a certificate issued by a college and you don’t have a school transcript, you should assume that the information on the certificate is not accurate. In most cases, you can find this information on the school’s website or alumni website.

Once you’ve collected all of this information, you can begin to determine the type of certificate that you should associate with each entity based on your preferences and the nature of the interaction that you wish to have with that entity.

The Most Common Types Of Certificates

While it’s not entirely common, it is fairly common for companies to issue web-based certificates to their employees. These are known as corporate credentials and they can be useful for proving your identity when giving web-based interviews or completing online transactions with the company.

Some of the more popular corporate certificates that you might encounter include:

• An XML ID certificate. This certificate is tied to a specific resource on the web and it can be issued to any employee or contractor of the company. An XML ID certificate provides a user with the ability to digitally sign documents using a standard XML format. In addition to proving the identity of the person using it, an XML ID certificate can be used to prove the identity of the company that it belongs to. For more information, see:
  • Why Do I Need An XML ID Certificate?
  • What Is A Certificate Authority?
  • How Do I Contact The Certificate Authority?
  • The New OpenID Connect Framework

  A social security number is mandatory for many jobs, but it’s not necessarily something that you need to provide in order to prove your identity. In most cases, an employer will look for previous documentation relating to your social security number (e.g., a previous paycheck or W-2 form), in order to verify your identity. However, if you don’t have access to or don’t want to provide your social security number, you can provide other forms of documentation that confirms your identity (e.g., a utility bill that has your name and address on it, a paycheck from a different employer, etc.).

  Educational Institution Certificates

  If you’re seeking to prove your identity when dealing with an educational institution (e.g., a university or college), you should look for an educational institution certificate. These are basically online versions of a traditional diploma that an educational institution will issue to a student. Some of the more common types of educational institution certificates include:

  • The Mozilla Education Consortium (ECS) ID
    • Mozilla ECS ID
      • Mozilla ECS ID Documentation
      • Mozilla ECS ID Responsibilities
      • Mozilla ECS ID Contact
  • DIGiCert ID
  • VeriSign ID
  • Certificate Maker
  • Sams Classics
  • Sams Classics

  Once you’ve collected all of this information, you can begin to determine the type of credential that you should associate with each entity based on your preferences and the nature of the interaction that you wish to have with that entity.