September 18th, 2018
The Swedish BankID is a digital authentication and signature framework. As mentioned in a previous post it has been a huge success.
So why complain? I do complain because, as BankID has become ubiquitous in all kinds of Swedish internet services, it has set a dubious standard. BankID contains elements of security by obscurity that abuses the rights of the general public. The obscurity is not limited to technicalities. It also involves legally questionable practices that have become de facto standard.
Continue »
Topics:
Digital Signatures |
Comments Off on Obscurity in the Swedish BankID
September 11th, 2018
A previous post described a security hole used for big-time fraud abusing the Swedish BankID.
The company behind BankID, Finansiell ID-Teknik AB, announces a remedy, available immediately.
Continue »
Topics:
Digital Signatures |
Comments Off on Update: BankID Security Hole Patched
September 11th, 2018
The Swedish BankID, a digital authentication and signature framework, is a huge success. Even with the small (10 M) population of Sweden, the number of authentications runs into billions annually.
However, unfavourable publicity recently hit BankID. A number of very public big time fraud convictions broke the hush-up wall that banks traditionally build around their security. All of a sudden customers of banks and financial institutions were flooded with information on how to handle their BankID in order to protect themselves.
Can BankID really be broken? A “yes” seems obvious, but, well, not exactly.
Continue »
Topics:
Digital Signatures |
Comments Off on The Gaping Security Hole in Swedish BankID