Nemid Tukulti-Ninurta
   HOME

TheInfoList



OR:

NemID (literally: EasyID) is a common log-in solution for Danish Internet banks, government
website A website (also written as a web site) is a collection of web pages and related content that is identified by a common domain name and published on at least one web server. Examples of notable websites are Google, Facebook, Amazon, and Wi ...
s and some other private companies. NemID is managed by the Nets DanID A/S company and came into use on July 1, 2010. Everyone in Denmark who is over 15 years old and has a CPR-Number is eligible for a NemID that can be used with their bank as well as public institutions. Anyone over 13 years old may use a NemID for internet banking. Users of NemID are assigned a unique ID number that can be used as a username in addition to their CPR-Number or a user-defined username. Users receive a card containing pairs of numbers, similar to
Transaction authentication number A transaction authentication number (TAN) is used by some online banking services as a form of ''single use'' one-time passwords (OTPs) to authorize financial transactions. TANs are a second layer of security above and beyond the traditional singl ...
s. After logging in with a username and password, NemID users are prompted to enter a key corresponding to a number as part of NemID's
two-factor authentication Multi-factor authentication (MFA; encompassing two-factor authentication, or 2FA, along with similar terms) is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting ...
scheme. These private keys are one time use only. After all of them are used the user must get new private keys, which are generally sent to the user via mail once they're about to run out. Private keys are kept in a central server. This has caused criticism against the security of NemID system. Unlike other web-based
single sign-on Single sign-on (SSO) is an authentication scheme that allows a user to log in with a single ID to any of several related, yet independent, software systems. True single sign-on allows the user to log in once and access services without re-enterin ...
solutions, such as Google's and Facebook's, NemID is not based on a cryptographical guarantee. While the security of for example Google's single sign-on is based on
HTTPS Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It is used for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is enc ...
, in that you use the domain name accounts.google.com in the browser's address line to ensure that you only send your password to Google (
trusted third party In cryptography, a trusted third party (TTP) is an entity which facilitates interactions between two parties who both trust the third party; the Third Party reviews all critical transaction communications between the parties, based on the ease of c ...
), NemID is based on inputting your NemID-password on arbitrary webpages which show something that looks like a NemID password dialog, and then hoping that these pages do not steal your NemID-password. As NemID is a legally binding signature, gives access to bank accounts, and protects much personal information, this lack of cryptographical security has been criticized. There appear to be no concrete reason for NemID to not be designed with a cryptographical guarantee. On 11 April 2013, the NemID system shut itself down in response to a
DDoS attack In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connec ...
, causing widespread chaos in Denmark where internet banking was not possible during the attack. With Java version 1.7.0_45, NemID Java applet was not able to log users in.


NemID key app

On 29 May 2018, Digitaliseringsstyrelsen and Finans Danmark launched the NemID key app for smartphones, as a supplement to the NemID cards and NemID code tokens.


See also

* Digital signatureNet-ID


References


External links


Forbrugerrådets
page about ''NemID''
NemID opposition
{{in lang, da Science and technology in Denmark Banking in Denmark Computer access control 2010 establishments in Denmark Computer-related introductions in 2010