MitID: QR code and App switch
The Danish Agency for Digital Government unveiled two significant changes to MitID in June 2023, aimed at improving security and user experience.
These updates include the addition of a QR code to the authentication process and the introduction of app switching on mobile browsers. Let's delve into the details and explore how these enhancements benefit both businesses and individuals.
MitID QR Code - Reinforcing Security
One of the key updates to MitID is the incorporation of a QR code into the authentication process. This addition significantly enhances protection against fraudsters and phishing attacks. Now, users are required to physically prove their presence by scanning the QR code displayed on their screen using the MitID app. This feature not only adds an extra layer of security but also contributes to a safer and more robust user experience.
It's important to note that the QR code scanning process will not be used for authentications on mobile applications. This distinction ensures a seamless and tailored authentication experience across different contexts.
Step-by-Step Guide:
- A desktop user attempts to log in to a website that requires MitID authentication.
- The user enters their MitID ID and presses "enter," prompting them to open the MitID app.
- Using the MitID app, the user scans the QR code displayed on the desktop screen.
- Once the QR code is successfully scanned, the user can verify the transaction and proceed.
MitID App Switch - Simplifying Mobile Authentication
The second notable update focuses on improving the mobile authentication experience through app switching. Previously, with the NemID key app, users received a notification to authorize a transaction. However, this feature was absent in the MitID implementation. With the latest update, MitID introduces a more streamlined process for mobile users.
Now, when logging in with MitID on a mobile device, users can conveniently open the MitID app directly from the MitID login box. The login box will feature a button labeled "Åbn MitID app" (Open MitID app) that allows users to choose between opening the MitID app or authorizing from another device's app. By selecting the "Open MitID App" option, users are automatically redirected to the MitID app to complete the authentication process. Once verified, users can effortlessly switch back to the mobile website that required MitID authentication, ensuring a smooth and hassle-free user journey.
Step-by-Step Guide:
- The user enters their MitID username and proceeds.
- On their mobile device, the user encounters the "Åbn MitID app" button within the MitID login box.
- By clicking the button, the user is automatically redirected to the MitID app to complete the authentication process.
- After authentication, the user manually switches back to the mobile website that required MitID authentication.
Benefits of the MitID Update
The addition of the QR code significantly strengthens protection against fraudulent transactions, logins, and other instances where user authentication is crucial. Although it introduces an extra step to the process, this security enhancement plays a vital role in safeguarding sensitive information and instilling confidence in digital interactions.
App switching, particularly for mobile users, greatly improves the overall user experience. By enabling seamless transitions between the MitID app and the app that requires authentication, users can navigate between platforms effortlessly, saving time and reducing
MitID Upgrade has caused some trouble for some users
Although the upgrade has brought increased security and improved the user experience through the more effective app switch, there has been some challenges:
If the users use Webbrowser on their phones, the QR scanning process is not possible. If the users attempt to use the mobile’s webbrowser process for authenticating, they will meet the QR code on the phone, making it impossible to scan.
This can, if the users attempt several times, result in the user being blocked, which is far from optimal. Nevertheless this is not something Signicat can prevent, so we recommend, that you address this on your website.