Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
@pastorpit Is Germany a system now? Talk about taking social distancing to the extreme.
-
The sign in strategy probably has a name like briefbasiertensicheresenpassworten anmelden
-
I think it's actually one of the better 2FA methods, especially for initializing other 2FA methods.
A government could send you a text, but how would they know for sure you are the owner of that number? The only thing they tend to know is where you live.
There are still a few problems with address-based verification: The postal service could open your mail, housemates might intercept it, criminals might crack open your postbox if it's on a lawn, etc -- but it's all pretty high effort, difficult to commit identify theft at a larger scale.
Even better would be physical retrieval: You have to retrieve your initial code, device, list, whatever from city hall with an ID document.
In the Netherlands we use DigID -- first code goes through post-mail. Using that code, you can activate SMS-based 2FA, or alternatively use an app to scan QR codes to unlock government websites (for example to check your taxes). -
stop68025y@bittersweet germany has an similar system. But its hard to use, since it requires special hardware on client side and security on Serverside to be able to process data from the id and they made it too hard to access and use the certificate function on it.
-
Anyway, this isn't allowed for banking in Germany (or the EU) anymore, as they are static and a once captured but not used code is valid for the attacker for a potential long time.
-
Depends.
If eg electronic health care becomes a "thing"… I'd be fucking afraid.
And I've got a chronic disease so I know the pain of sometimes running around with tons of pages so a new doc knows that the phrase "it's complicated" does not only reflect a facebook status.
If I'd get any authentication for stuff like that in a non personal way, I'd really get angry and sue to the highest court, cause that's more than dangerous.
The Schufa which is basically the legal russian credit mob of Germany (they "track" your credit information... And calculate a score... Bad score, No credit / Banking Account whatsoever) uses a similar system, they send you an token of which you must enter some chars at login after regular login...
The data is sensitive, so it makes sense to me -
@bittersweet we’ve got the same thing in Austria called Handy-Signatur - you can either get a code via post (verified by your ID) or use your e-card (European insurance card) with a smartcard reader to activate the „Handy-Signatur“ which can then be used to securely sign documents
Related Rants
Germany has the best 2fa method in the world. Sending otp through post-mail....
rant
21st century