
Comment by tmikaeld

1 year ago

My gripe with any of the open source phones is that ID apps such as BankID don't work without the secure token storage of Android. Is this solvable?

You could always protect the signing certificates in the apps with derived passwords; still, the length of passkeys practically acceptable to type in on a phone is too short to safely protect a certificate against a brute-force attack without some kind of HW-assisted storage.

In the end it also boils down to which devices the BankID app providers are willing to support. I have a hard time seeing anything but iOS or Android devices being supported in the near future, especially as Swedish BankID now also requires NFC support to read the local police-issued ID cards (I had to get a new testing device just because of this requirement).

Note: BankID is the name of the personal identity apps that support authentication and signatures in Sweden, Norway and Finland. The authentication is used to access a myriad of both public and private sites, such as the tax office, unemployment office, healthcare and gyms. The signatures made via the apps are generally accepted to have as good a legal standing as a signed paper.

  • I've never heard of BankID in Finland; perhaps the common name is something else?

    • I would also have commented: not supported in Finland. I think I have read articles that they tried to get market share, but AFAIK they have failed completely.

      On the positive side, in Finland you can use the SIM Toolkit for legally sanctioned 2FA (mobiilivarmenne). That should be much easier to implement without having Google involved.

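As an added illustration of the trade-off raised above (software-only PIN-derived wrapping versus hardware-assisted storage), here is constructed example code; it is not from the thread, from BankID, or from any phone's keystore. The wrapping scheme (PBKDF2 plus an XOR pad and an HMAC tag), the iteration count, the PIN lengths and the `RateLimitedKeystore` model are all assumptions made for the demonstration. The point it shows: key stretching only raises the cost per guess, while the number of guesses for a numeric PIN is fixed, so a blob copied off the device is exposed to the full keyspace; what a secure element adds is an attempt counter the attacker cannot bypass, which caps the guesses at a handful.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for the illustration (not from any real BankID app).
PBKDF2_ITERATIONS = 100_000
WRAP_KEY_LEN = 32


def derive_wrap_key(pin: str, salt: bytes, iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Stretch a short PIN into wrapping material. Stretching raises the cost of each
    guess but cannot change the number of guesses: a 6-digit PIN has 10**6 candidates."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, iterations, dklen=WRAP_KEY_LEN * 2)


def wrap_secret(secret: bytes, pin: str) -> dict:
    """Toy software-only wrapping of a private key under a PIN-derived key.
    The derived material is split into a one-time pad and a MAC key. This is a
    constructed scheme for illustration; a real design would use an AEAD."""
    assert len(secret) <= WRAP_KEY_LEN, "toy scheme: secret must fit in one pad"
    salt = os.urandom(16)
    km = derive_wrap_key(pin, salt)
    pad, mac_key = km[:WRAP_KEY_LEN], km[WRAP_KEY_LEN:]
    ct = bytes(s ^ p for s, p in zip(secret, pad))
    tag = hmac.new(mac_key, salt + ct, "sha256").digest()
    return {"salt": salt, "ct": ct, "tag": tag}


def unwrap_secret(blob: dict, pin: str) -> Optional[bytes]:
    """Return the secret, or None if the PIN is wrong. A wrong PIN is detectable
    offline from the MAC alone, so nothing here limits how often it is tried."""
    km = derive_wrap_key(pin, blob["salt"])
    pad, mac_key = km[:WRAP_KEY_LEN], km[WRAP_KEY_LEN:]
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return bytes(c ^ p for c, p in zip(blob["ct"], pad))


def offline_work_seconds(pin_digits: int, seconds_per_guess: float) -> float:
    """Expected time to exhaust a numeric PIN once the blob has left the device:
    half the keyspace times the KDF cost per guess. The KDF cost is a floor set by
    whoever runs the guesses on hardware of their choosing, not a wall."""
    return (10 ** pin_digits / 2) * seconds_per_guess


class RateLimitedKeystore:
    """Models what hardware-assisted storage adds: the key never leaves the element,
    every unlock goes through it, and it counts failures and wipes the key after a
    limit. With the counter enforced in hardware, a 6-digit PIN exposes at most
    `max_failures` guesses out of 10**6 rather than all of them."""

    def __init__(self, secret: bytes, pin: str, max_failures: int = 10):
        self._blob = wrap_secret(secret, pin)  # held inside the element, never exported
        self._failures = 0
        self._max = max_failures
        self.wiped = False

    def unlock(self, pin: str) -> Optional[bytes]:
        if self.wiped:
            return None
        secret = unwrap_secret(self._blob, pin)
        if secret is None:
            self._failures += 1
            if self._failures >= self._max:
                self.wiped = True
                self._blob = None  # key material destroyed, correct PIN no longer helps
            return None
        self._failures = 0
        return secret

    def guess_probability(self, pin_digits: int) -> float:
        """Chance of recovering a uniformly chosen PIN before the wipe triggers."""
        return self._max / 10 ** pin_digits


if __name__ == "__main__":
    blob = wrap_secret(b"constructed-private-key", "482913")
    print("software-only, 6-digit PIN at 0.5 s/guess:",
          offline_work_seconds(6, 0.5), "s expected")
    ks = RateLimitedKeystore(b"constructed-private-key", "482913", max_failures=10)
    print("hardware counter, 6-digit PIN:", ks.guess_probability(6), "success probability")
```

The two numbers printed at the bottom are the comparison the comment is making: with the blob in software the attacker's budget is the whole keyspace and only the per-guess cost can be tuned, whereas with the counter in a secure element the same PIN leaves the attacker a fixed, small number of attempts.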