Archive: September 18th, 2018

Obscurity in the Swedish BankID

The Swedish BankID is a digital authentication and signature framework. As mentioned in a previous post it has been a huge success.

So why complain? I do complain because, as BankID has become ubiquitous in all kinds of Swedish internet services, it has set a dubious standard. BankID contains elements of security by obscurity that abuses the rights of the general public. The obscurity is not limited to technicalities. It also involves legally questionable practices that have become de facto standard.
Continue »