Comment by tintumon
BankID (or Freja ID) in Sweden which makes login to almost everything a breeze.
- Sweden’s national digital ID, run by banks
- Used for login, payments, contracts, gov services
- Legally binding like a handwritten signature
Typically the website displays a QR code which you scan with the BankID app - the app prompts you to authenticate and you use a fingerprint or a 6-digit PIN code to confirm.
The app has a certificate set up so if some rando has the app and shoulder-surfed your PIN they would not be able to log in.
Establishing the app certificate initially on your device requires interaction with your bank account - via an existing BankID setup or a bank-issued OTC dongle.
It works extremely well and allows for a lot of "joined-up" thinking. For example I can log in to various online pharmacies and see and refresh the prescription from my doctor (and from the vet for my cat). The ubiquitous Swish cash transfer app is authenticated by BankID.
Downsides:
It can be a nuisance for those moving here; before you get your state ID ("personal number") you can't get BankID and it's borderline impossible to get a bank account!
The app has a single owner and uses pinned certs so it's virtually impossible to do BankID on anything except an Android or iOS device. No Pine Phone for you unless you want to carry a second device for BankID.
How does someone log in via this system? I'm asking because it has the force of law. In that sense, I can't imagine that passwords alone would be enough.