zlacker

[return to "I read the federal government’s Zero-Trust Memo so you don’t have to"]
1. adream+NC[view] [source] 2022-01-27 18:02:37
>>EthanH+(OP)
Here in Norway we have BankID which uses MFA. To access any government, banking, or official system you have to authenticate with your BankID.

Its simple amazing.

◧◩
2. zajio1+RT[view] [source] 2022-01-27 19:17:52
>>adream+NC
Here in Czechia we have BankID and it is problematic:

1) No verification that the user trusts that particular bank to perform this service. Most banks just deployed BankID for all their customers.

2) No verification between bank and government ensuring that particular person can be represented by particular bank. In principle a bank could inpersonate a person even if that person have no legal relation with that bank.

3) Bank authentication is generally bad. Either login+SMS, or proprietary smartphone applications. No FIDO U2F or any token based systems.

Fortunately, there are also alternatives for identification to government services:

1) Government ID card with smartcard chip. But not everyone has a new version of ID card (old version does not have chip). It also requires separate hardware (smartcard reader) and some software middleware.

2) MojeID service (mojeid.cz) that uses FIDO U2F token.

Disclaimer: working for CZ.NIC org that also offers MojeID service.

◧◩◪
3. mormeg+Zz1[view] [source] 2022-01-27 22:04:57
>>zajio1+RT
#2 and partially #1 are solved by regulation and reputation: banks are highly regulated business, and BankID support requires specific security audit.

Ad #3: FIDO is basically unusable for banking. It's designed for user authentication, not transaction signatures which banks need (and must do because of the PSD2 regulation).

[go to top]