> These mobile IDs are too powerful, signing contracts, transferring all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders, etc. to do additional checks.
Many countries in the EU already have all of that just done through some national equivalent system (for example here in Finland mainly with bank credentials).
And in fact additional checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in, in the form of an SMS verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too).
It's great you do have a bank-bound system in Finland. I hope their implementation is not as bad as e.g. the Swedish BankID.
BankID is _in theory_ a nice technology. However, it is only handed out to people registered with the Swedish tax authorities holding a Swedish bank account.
All daily activities are nowadays bound to BankID: need a doctor's appointment? -> needs BankID; want to buy something on Blocket? -> needs BankID.
As a European frequently spending some time in Sweden not in possession of a Swedish tax #, I feel very much excluded from online and partially offline activities in this country.
Well that is the point of this entire digital wallet thingy, there's going to be a transition period since everything here is more or less hardcoded to BankID, not to mention tons of code with presumptions about Swedish identity semantics (that do differ from other countries).
But on the plus side the Swedish state eID solution is planned to be delivered by end of year and hopefully most organizations will start migrating or at least dual-supporting them and in doing so also fix their services to support foreign eIDs in the process.
This is a problem I'm seeing a lot of countries rushing full steam ahead into. The age of a single physical ID that's only rarely needed and ubiquitous cash payments seems to be coming to an end. For anyone who travels a lot, migrants first settling in a place, or citizens abroad, this makes things even harder than they already were.
The ability of the government(s) to exclude you from everyday activities required for participation in society (or survival) if you run afoul of their edicts is a feature of digital ID/digital currency, not a bug.
Again, it's all still tied to that one device, the phone; if it's hacked it's really game over, and with a big enough hole in the Android or iOS ecosystem that could be wormable a lot of people could be exploited en masse.
Sure, a 24h delay or SMS code are 2 way but they fully fall into the band-aid category.
In the past we used to have disconnected dongles for banking, the bank issued a one-time challenge and you entered the response along with your username. Now there are disadvantages with those also but at least it was fully airgapped.