The Original Digital Identity Sin
The gold standard of identification and authentication is in the physical world.
You go to a government office, you provide your meat puppet self, some necessary documentation, and are issued with a physical document. It's watermarked, has your photograph, its unique identifier and personal details are stored by the issuer. This is the enrolment process.
When you cross a border or go to a bank, authentication is tied to the identification process. You present yourself, the physical document, and the guard or bank teller verifies its authenticity from the issuer, performs photo identification, and then allows you to cross the border or access your bank account.
The original sin of the digital world was to untether identification from authentication.
You'd start a job or open a bank account and be given login details. You have better things to do than memorise these or store them in a vault somewhere, so they'd get written down, lost or stolen.
And you end up with dozens of the damn things. These credentials don't prove anything about the person bearing them except that the bearer happens to know them. Did they obtain them legitimately?
Identity practitioners get excited about various post-password alternatives: phishing-resistant, bound to a device, one-time only, biometric, etc. Yet the original sin was always decoupling identification from authentication. Would you give your driver's license to your underage brother to buy booze? No, for plenty of reasons, but also because that identity document is mostly worthless as a way to access a resource (booze) without it also identifying the bearer.
We now have the technology and the standard for bringing the digital to a level of trust approaching the physical, and it's verifiable credentials.
Let an authorised official identify you (ideally in person the first time), issue you a cryptographically signed "identification document" to your mobile wallet, and then every time you need to access a protected resource - the equivalent of the border guard or the bank teller demanding you present your identity document - you present the relevant set of claims from this digital document to access the resource. Because the document is digitally signed by the issuer, the bank teller can trust the assertions about you that it carries, made by an issuer they already trust.
You control who sees this document, you control what they see in it. They, the relying party, have a far better level of assurance not only that the authentication token is valid, but that it's also tied to you.
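The issue, present and verify steps described above, as an added illustration that is not part of the original post: a minimal verifiable-credential flow in Go using only the standard library. The issuer signs salted per-claim digests together with the holder's public key; the holder discloses only the claims it chooses and proves possession of the bound key against the relying party's fresh nonce; the relying party checks the issuer's signature, the holder binding and each disclosed claim. The type names, the salt-then-value wallet layout and the JSON signing body are this example's own choices (loosely modelled on SD-JWT-style selective disclosure), not any standard's wire format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
)

// Credential: a salted digest per claim (selective disclosure) plus the holder's key (holder binding).
type Credential struct {
	Digests   map[string][32]byte
	HolderKey ed25519.PublicKey
	IssuerSig []byte `json:"-"` // kept out of the signed body
}

// digest covers the claim name, 16 salt bytes and the value; the salt stops guessing undisclosed claims.
func digest(name string, entry []byte) [32]byte { return sha256.Sum256(append([]byte(name+"\x00"), entry...)) }

// body is the canonical (sorted-key JSON) form of the credential that both issuer and holder sign.
func body(c Credential) []byte { b, _ := json.Marshal(c); return b }

// Issue: having identified the holder, the issuer signs the digests and the holder's key.
func Issue(issuer ed25519.PrivateKey, holder ed25519.PublicKey, claims map[string]string) (Credential, map[string][]byte) {
	c, wallet := Credential{Digests: map[string][32]byte{}, HolderKey: holder}, map[string][]byte{}
	for name, value := range claims {
		wallet[name] = append(make([]byte, 16), value...) // wallet entry: salt || value
		rand.Read(wallet[name][:16])                     // fresh random salt per claim
		c.Digests[name] = digest(name, wallet[name])
	}
	c.IssuerSig = ed25519.Sign(issuer, body(c))
	return c, wallet
}

// Present: the holder reveals only the requested claims and signs body||nonce with the bound key (not replayable).
func Present(holder ed25519.PrivateKey, c Credential, wallet map[string][]byte, reveal []string, nonce []byte) (map[string][]byte, []byte) {
	shown := map[string][]byte{}
	for _, name := range reveal {
		shown[name] = wallet[name]
	}
	return shown, ed25519.Sign(holder, append(body(c), nonce...))
}

// Verify: relying party checks issuer signature, holder binding and each disclosed claim; learns nothing else.
func Verify(issuer ed25519.PublicKey, c Credential, shown map[string][]byte, nonce, holderSig []byte) (map[string]string, bool) {
	if !ed25519.Verify(issuer, body(c), c.IssuerSig) || !ed25519.Verify(c.HolderKey, append(body(c), nonce...), holderSig) {
		return nil, false // untrusted issuer, or the presenter does not control the bound key
	}
	claims := map[string]string{}
	for name, entry := range shown {
		if len(entry) < 16 || digest(name, entry) != c.Digests[name] {
			return nil, false // disclosed value does not match what the issuer signed
		}
		claims[name] = string(entry[16:])
	}
	return claims, true
}
```

A copy of the credential is useless to anyone without the holder's private key, and a captured presentation cannot be replayed against a different nonce, which is what the physical document's photo and in-person check achieve in the analogue world.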
There are no panaceas to digital identity or cybersecurity, but this beats the old model of having dozens of potentially re-playable authentication credentials written on pieces of paper, duplicated across apps, or awkward attempts to replace passwords without addressing the original digital identity sin.