Tbh, I feel this is stupid.
Banks are giving out QR TAN: optical TAN devices which work with credit cards, and it has been going pretty well. Why can eIDAS not have something similar? Distribute hardware tokens. Get rid of dependency on any OS.
Banks actually have high fraud rates today because of weak security mechanisms. If attackers steal your money, the bank will reimburse you. If attackers steal your identity, you are really screwed. Security requirements for banking and identity are simply different.
Mobile Google account based is even weaker than hardware tokens used by banks. Make of that what you will.
Please give some evidence that this is due to hardware tokens failing where a smartphone-based solution would have prevented it.
If they use SSN as a password, it doesn't mean you can't have something slightly more reasonable without going full cyberpunk dystopia.
Plenty of EU countries have rolled out SmartCards for this exact purpose, some are now adding NFC functionality. Nothing really stops Germany from continuing like that either.
The issue then becomes the UI/UX. If the legal mandate is not strong enough the solution will not gain enough ground. You can see this if you start comparing those countries with an eID rolled out.
The German ID card (Personalausweis) supports certificates and communication via NFC. I really don’t understand what’s all this about?
This is about what device you use to verify this. Currently, the AusweisApp on Android allows you to authenticate to your authorities. However, this can also be done with a TAN generator and a user name and password like banks do, and then you don't need to depend on a trusted mobile phone.
I'm pretty sure electronic IDs are a good starting point for exactly this. Hopefully they get wider use inside the EU.
Why do you hope that?
Because there are many interesting uses for having a personal electronic token that's also recognized by your own government. My own interest is in using it as a base for establishing an identity for electronic ballots.
Sure, but I don't understand how electronic IDs are a good starting point for having QR TAN or some other hardware device. I think OS-agnostic hardware should be the default starting point, not the other way around.
The electronic ID hosts a cryptographic key that can be used through some sort of hardware device in order to generate QR codes, or whatever, that are linked to the user's official identity...
The public part of the identity (which in our example was enrolled at bank account opening) can be used by the server that checks the QR code to see if it actually belongs to the correct account owner.
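
The challenge-response flow described in the last comment, as an added example that is not part of the original thread: the server keeps only the public key enrolled at account opening, issues a one-time challenge carrying the transaction, and checks the token's signature over it. Ed25519, the payload layout and all type and function names are assumptions made for illustration; the thread does not say which scheme an eID card or bank token uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Account is the server-side record for one customer. All names are hypothetical.
type Account struct {
	pub     ed25519.PublicKey // public key enrolled at account opening
	pending []byte            // outstanding single-use challenge, nil if none
}

// Enroll models account opening: the server keeps only the token's public key.
func Enroll() (*Account, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Account{pub: pub}, priv
}

// NewChallenge builds the QR payload: a fresh 16-byte nonce followed by the transaction text.
func (a *Account) NewChallenge(tx string) []byte {
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	a.pending = append(nonce, tx...)
	return append([]byte{}, a.pending...) // copy, so callers cannot alter the stored challenge
}

// TokenSign is the token's step, run after the user confirms the displayed transaction.
func TokenSign(priv ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(priv, payload)
}

// Verify checks the response against the enrolled key and always consumes the challenge.
func (a *Account) Verify(sig []byte) bool {
	defer func() { a.pending = nil }()
	return a.pending != nil && ed25519.Verify(a.pub, a.pending, sig)
}

func main() {
	acct, priv := Enroll()
	// Constructed sample transaction; prints "true false": accepted once, then rejected as a replay.
	sig := TokenSign(priv, acct.NewChallenge("pay 100 EUR to DE00-CONSTRUCTED"))
	fmt.Println(acct.Verify(sig), acct.Verify(sig))
}
```

Because the signed payload contains both the nonce and the transaction text, a captured response cannot be replayed or moved to a different transaction, and the signing step does not depend on which OS displays the QR code.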