this post was submitted on 16 Aug 2023
1222 points (97.1% liked)

Technology

59446 readers
4537 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

Thanks to Popcrave https://twitter.com/popcrave/status/1691852136236327316?s=46&t=lcH0dp9biwkMEBKsRQeVeQ

Who here is going to put their ID and photo on X/Twitter

you are viewing a single comment's thread
view the rest of the comments
[–] HeartyBeast@kbin.social 1 points 1 year ago (2 children)

But how did they authenticate your identity when you opened the account? I'd not trying to be an arse - but at some point it will likely have come back to matching some official photo id against your face.

[–] Damage@feddit.it 1 points 1 year ago

It's not like the bank KEEPS your ID

[–] Hotzilla@sopuli.xyz 1 points 1 year ago (2 children)

They once identify you from your driver's license, government id card or passport. After that you for example link your smart phone to you, and you use their app when you identify.

You can also use mobile carriers, they send a push notification directly to you phone+sim. Not sure what protocol they use here, because it opens up an UI which is plain android, and asks pin.

Everything relays on chain of trust that since one service has identified you, the next can trust too. Plus there is MFA to verify that you actually made the identification request.

[–] HeartyBeast@kbin.social 2 points 1 year ago (1 children)

The initial argument was ‘sending is to anyone is insane’ but that’s what you do with the bank. Yes it’s only once - but that’s the same as the other systems we are taking about here.

[–] Hotzilla@sopuli.xyz 1 points 1 year ago (1 children)

They don't accept it remote, only face-to-face. I have done it once, 15 years ago. Face-to-face is actually only way to do it to avoid identity theft.

[–] HeartyBeast@kbin.social 0 points 1 year ago (1 children)

Interesting, so your answer to identity authentication is it is it shouldn’t ultimately be done to do remotely and that everyone needs to queue at the counter.

Meanwhile the UK gov remote system seems to work rather well https://appadvice.com/app/gov-uk-id-check/1629050566

[–] Hotzilla@sopuli.xyz 1 points 1 year ago (1 children)

You do that once in your lifetime, and never after that.

[–] HeartyBeast@kbin.social 1 points 1 year ago* (last edited 1 year ago) (1 children)

Until you change banks, mobile phone provider or visit another country and want a local SIM

[–] Hotzilla@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago) (1 children)

The other bank and other mobile provider identifies you through the another one. I am able to identify through two different banks and mobile provider, and have not in 15 years done it onprem. I do strong digital authentication generally once or twice a week.

Edit: last time was actually when I took house mortgage 13 years ago, and switched bank. Not really a issue to show ID onprem when talking 200k€.

[–] HeartyBeast@kbin.social 1 points 1 year ago (1 children)

So, to be clear - if you ever need to renew government documentation or get access to government systems (benefits or taxes), the government doesn’t ask to see government ID - it outsources that to bank procedures from n years ago?

[–] Hotzilla@sopuli.xyz 1 points 1 year ago* (last edited 1 year ago) (1 children)

Practical sense yes, I accessed my tax info today, and strongly authenticated through my mobile provider. It took me 2 seconds and there was MFA included in the process.

Edit: here is Finnish Cyber Security Centers article how the process works: https://www.kyberturvallisuuskeskus.fi/en/our-activities/regulation-and-supervision/electronic-identification

It is defined in Finnish law that all services must use this mechanisms

[–] HeartyBeast@kbin.social 1 points 1 year ago (1 children)

Looks like initial submission of identity documents can be done electronically - not necessarily in-person.

[–] Hotzilla@sopuli.xyz 1 points 1 year ago

Yes, I noticed also that they have included this support now also.

[–] assassin_aragorn@lemmy.world 2 points 1 year ago (1 children)

I mean that's how it's like here in the States too. Show your paperwork at registration and that's it.

[–] Hotzilla@sopuli.xyz 1 points 1 year ago

I have done it once, 15 years ago, after that I have never needed to go it again.