The whole issue with banking apps must seem strange to people in some countries, and make perfect sense to people in other countries. My whole country rely on a 2FA app made by the banks. It’s in every aspect of society. Buying a bus ticket, booking a time for health care, doing taxes, applying for an apartment, signing contracts, all done with the same banking app. Only people with stallmanesque convictions manage without, with lots of effort. So far that app works on e/os/ and GrapheneOS, but not regular desktop Linux.
I agree, and it’s run by private companies who could just shut it down or use it in evil ways. Our government is maybe making a state owned solution, but it will take time.
2FA is the opposite of a single point of failure though. In order to impersonate you someone has to have access to your authentication device and your master password. There are no passwords to remember or get leaked/stolen, and you still have traditional identification and a physical backup in the form of codes or an authentication device.
In Sweden it’s like a minute of your time to set up a new phone, or at worst a trip to the bank if you lost your authenticator.
It also has a screen showing what information or authorization is being requested so that it’s much harder to get scammed.
It’s a pain in the ass if you don’t have access for whatever reason, yeah. A lot of that could be alleviated by government policies though. I don’t think it should be legal for public services to refer you to their website or app when you’re asking for help in-person. There’s also no laws against businesses refusing cash, and the banks keep removing ATMs, so it’s getting harder to manage without relying on a phone. I like e-ID, but I don’t like removing traditional human interaction. Kind of like how I love 5G cellphones and hate that they keep removing services like landlines and 2G. Low-tech is vital sometimes.
I’m having trouble imagining how this makes anything more difficult than a traditional password setup. Can you please explain?
I know there’s issues surrounding its use, but solving those issues involves changing other policies, not getting rid of e-identification. For example, allowing someone to access their medical records in person instead of demanding they use the website, a problem which would persist with a username and password.
I recently got back to my country. They have e-id. I opened an account. Got paid. My phone broke. Signing up to the app requires a computer with an e-id reader. I use it once every couple of years. It took me ages to find one. Only to realize the stupid browser extension wasn’t working with linux. At the end I had to go to the stupid city hall. I’m disabled. I would rather use my personal passphrase. What seems easy to you may not be for everybody. I hate it here. Everything is bureaucratic, security first so that the already rich banker doesn’t loose 20 euros to fraudster, nothing it adapted, everything is loud and complicated and annoying.
Well it would help, but generally speaking, it’s about cognitive load. Making things simple for people is nice for the commoner, but for an eldery or disabled people, it can be vital.
I guess, but I’ve gone without BankID for about month previously. (It was my own fault for procrastinating multiple things.) You don’t need it; it’s just very convenient.
I’m having difficulty envisioning a malicious update. There’s a lot of transparency and regulations.
Many of the elderly don’t know how to use their phones well, but most (from my experience, not actual data) can use BankID without issue because it’s simple to use. Before BankID they used much fussier code-based authenticators, so I think most people old enough to remember that are happy for modern convenience.
But a lot of web- and app-based services are less accessible for them. Finding out the bus times, navigating health services, and paying bills are often not available through traditional low-tech means. They also have the problem of not understanding why their old phone suddenly doesn’t work anymore. (They just took down the 2G network, for instance, and BankID no longer supports Android 9 and lower, if I’m remembering the right version.)
On most public transport nowadays it’s impossible to buy a ticket while boarding, but there isn’t so much as an automated ticket machine anywhere anymore. There are very nice customer service centers at central stations, but that doesn’t help the people trying to get to the central station.
There are a lot of problems, but I don’t think BankID is causing the most egregious ones. It’s a problem if you can’t access online banking because you can’t use the software to log in, but it’s even more of a problem if you don’t have the alternative of physical banking because society is cashless. It should be made more possible to live without digital services and smartphones even though I personally enjoy them.
My bank has a website I can use to bank through, I dont even need an app.
The whole issue with banking apps must seem strange to people in some countries, and make perfect sense to people in other countries. My whole country rely on a 2FA app made by the banks. It’s in every aspect of society. Buying a bus ticket, booking a time for health care, doing taxes, applying for an apartment, signing contracts, all done with the same banking app. Only people with stallmanesque convictions manage without, with lots of effort. So far that app works on e/os/ and GrapheneOS, but not regular desktop Linux.
Oh, that’s a terrifying single point of failure.
I agree, and it’s run by private companies who could just shut it down or use it in evil ways. Our government is maybe making a state owned solution, but it will take time.
If you’re in Sweden you’ll be glad to know Sverige-ID is coming this December.
Aha, didn’t know that, thanks. I hope it will work with free operating systems.
2FA is the opposite of a single point of failure though. In order to impersonate you someone has to have access to your authentication device and your master password. There are no passwords to remember or get leaked/stolen, and you still have traditional identification and a physical backup in the form of codes or an authentication device.
In Sweden it’s like a minute of your time to set up a new phone, or at worst a trip to the bank if you lost your authenticator.
It also has a screen showing what information or authorization is being requested so that it’s much harder to get scammed.
I meant single point of failure as in, if the service gets interrupted you’re locked out of alot of shit you need until it comes back up.
The trade offs may be worth it, because overall that seems pretty useful.
It’s a pain in the ass if you don’t have access for whatever reason, yeah. A lot of that could be alleviated by government policies though. I don’t think it should be legal for public services to refer you to their website or app when you’re asking for help in-person. There’s also no laws against businesses refusing cash, and the banks keep removing ATMs, so it’s getting harder to manage without relying on a phone. I like e-ID, but I don’t like removing traditional human interaction. Kind of like how I love 5G cellphones and hate that they keep removing services like landlines and 2G. Low-tech is vital sometimes.
This is terrible for disabled people.
I’m having trouble imagining how this makes anything more difficult than a traditional password setup. Can you please explain?
I know there’s issues surrounding its use, but solving those issues involves changing other policies, not getting rid of e-identification. For example, allowing someone to access their medical records in person instead of demanding they use the website, a problem which would persist with a username and password.
I recently got back to my country. They have e-id. I opened an account. Got paid. My phone broke. Signing up to the app requires a computer with an e-id reader. I use it once every couple of years. It took me ages to find one. Only to realize the stupid browser extension wasn’t working with linux. At the end I had to go to the stupid city hall. I’m disabled. I would rather use my personal passphrase. What seems easy to you may not be for everybody. I hate it here. Everything is bureaucratic, security first so that the already rich banker doesn’t loose 20 euros to fraudster, nothing it adapted, everything is loud and complicated and annoying.
I hope I haven’t given the impression that I don’t take your experience seriously. I only ask questions to understand things better.
Would having the option to use a personal passphrase in lieu of the usual e-id solve your problem entirely, or would further measures be needed?
Well it would help, but generally speaking, it’s about cognitive load. Making things simple for people is nice for the commoner, but for an eldery or disabled people, it can be vital.
I think they meant that the single app by all banks can go down through backend crash, buggy/malicious app update, etc.
I guess, but I’ve gone without BankID for about month previously. (It was my own fault for procrastinating multiple things.) You don’t need it; it’s just very convenient.
I’m having difficulty envisioning a malicious update. There’s a lot of transparency and regulations.
Ah right, that makes sense. If it were like upi or pix, and had single point of failure, it would have been scary.
I’m not familiar with those and would be interested to learn what’s bad about them.
Ah, no, sorry about the miscommunication.
Upi is massive in India. Big to the point that not having access to it is more than an inconvenience, it will be like Microsoft going down.
However, it is technically a protocol with federated servers and apps. Hence, there’s no single point of failure.
I meant to say if a crucial system with a single point of failure had no alternatives, it would have been scary.
What do people without smartphones (like the elderly) do?
Many of the elderly don’t know how to use their phones well, but most (from my experience, not actual data) can use BankID without issue because it’s simple to use. Before BankID they used much fussier code-based authenticators, so I think most people old enough to remember that are happy for modern convenience.
But a lot of web- and app-based services are less accessible for them. Finding out the bus times, navigating health services, and paying bills are often not available through traditional low-tech means. They also have the problem of not understanding why their old phone suddenly doesn’t work anymore. (They just took down the 2G network, for instance, and BankID no longer supports Android 9 and lower, if I’m remembering the right version.)
On most public transport nowadays it’s impossible to buy a ticket while boarding, but there isn’t so much as an automated ticket machine anywhere anymore. There are very nice customer service centers at central stations, but that doesn’t help the people trying to get to the central station.
There are a lot of problems, but I don’t think BankID is causing the most egregious ones. It’s a problem if you can’t access online banking because you can’t use the software to log in, but it’s even more of a problem if you don’t have the alternative of physical banking because society is cashless. It should be made more possible to live without digital services and smartphones even though I personally enjoy them.
They have smartphones, unless they are so old that they don’t need it.