Only have one device? No logging in for you, then



  • I registered for a COVID booster just now, which required me to use DigiD — the Dutch digital ID thingie — to log in (well, unless I would want to spend hours on hold on the phone). Now, I don’t normally have any reason to use DigiD, so the experience was a new one for me.

    On the whole, it seems to work pretty well, except for one really big idiocy: I had installed the DigiD app on my iPad and then went to the Dutch COVID vaccination web site to register on that same iPad. When I tapped on wanting to log in with DigiD, it took me to the app, which gave me a four-letter code to enter on the web site. OK, memorise that, switch back, enter it. Next, the web site put a QR code on my screen, that it wanted me to scan from within the DigiD app …

    In the end I went to my computer, went through the site’s entire questionnaire again on that and could finally scan the code.



  • @Gurth Us tablet users are apparently :trwtf: .


  • BINNED

    @Gurth said in Only have one device? No logging in for you, then:

    required me to use DigiD — the Dutch digital ID thingie

    You don’t need 2FA when your whole country runs on fax machines. :thinking-ahead: 🇩🇪

    iPad.
    QR code on my screen, that it wanted me to scan from within the DigiD app …

    Not sure if this helps, since it wants to scan it from a specific app, but if you just need some way to scan it, you could take a screenshot and scan that with a 3rd party app or a Siri shortcut:



  • Had a bank employee present me something similar. Essentially, the question was whether I'd like to update to their new system with scannable QR codes as the second factor instead of getting a code by SMS. I asked how that system worked if I'd like to check my account on my phone. Silence ensued, and the banker suggested that I'd hold off with the update for a bit, while he'd forward my question to the IT department.


  • Considered Harmful

    Well, that's what 2FA really means. What you know + what you have. Technically you're not s'posed to use the same device for both factors. Because it's all over the internets anyway, whether the factors are separate enough (even if two separate devices are used) is arguable, of course.


  • Java Dev

    @Gurth I'm not sure if it was with the GGD, but I know I've logged in with the DigiD app on the same device. There should be a special option when logging in to indicate you want to use the app on the same device.

    Of course, the GGD's contractors may have messed up.


  • BINNED

    @cvi
    strangely this doesn't seem to be a 'real' issue since it works automagically here ... if anything asks for payment confirmation I get dropped on a bank controlled page and there are always multiple options ... like sign with app on this device, scan code (app on other device), sign with a security fob thingy, sign with virgin blood, ...
    and 99% of the time only the sensible options are highlighted (can't use the app on a pc) since I hardly use a tablet these days it might well fail on that one ... but then again ... you're using a tablet so :doing_it_wrong:
    but then again more I hear you guys complain about your banks the more sensible our 🇧🇪 banks seem ...
    since I've seen the IT insides of 🇧🇪 banking it is hard to believe but here we are ...


  • Java Dev

    @Luhmann That sounds remarkably similar to how it works here in NL. Though of course part of that is bank-specific.

    I'm not sure what side of the pond @cvi is at; banks seem more WTFy on the left side.


  • BINNED

    @cvi
    reminds me of the time I was standing in the m*therf*cking bank and the clerkdrone happily sent me some documents to sign through the banking app ... like ... :wtf: I called twice and left a complaint, everybody told me to get this figured out in person only to have the drone digitally send me documents to sign something we could have done over the phone ... or even f*cking before you created a problem for me ...

    I take it back ... they are all incompetent shitgiggles ...

    breath in

    <rant mode =on>

    Ok, so during COCKVID (let's pretend that is a typo) I opened a banking account for my under-age offspring ... very much to my surprise the whole process went 100% smooth and digital ... at any time I was expected to get a boing "yeah, you'll need to visit a bank office" showstopper but it didn't ... I could digitally provide my existence and that of my offspring ...
    as you probably already guessed it actually f*cking didn't work ... somewhere
    months later my partner gets a voicemail from a bank employee mumbling something about that account and that there still is some administration involved but that it can be done digitally or through the banking automats (ATMs of the bank itself with more options) ... since voicemails are already forgotten when you reach the end of the message we forgot about that ...
    few weeks later they call back, since I originally did it online I took a walk to such a diabolic (take a guess who makes such things) banking thing ... only to get a vague error message that :computer_says_no:.
    check online ... couldn't find any way to do more than I already had done so figured it was either correct or the error was wrong :trwtf:

    months later I advance my offspring some physical 💶 and go to the banking app to retrieve my 💰 ... only to have it say f*ck you, this account is locked ... extra kicker was that in our app, the website or my offsprings' app the locked message only popped up when you tried to do something with the 💸 sitting in the account ... not to be seen: a warning or message that something was wrong ...

    let my wife the bank to curse at the poor sod picking up ... have you tried linking your minor eID with the account through the banking automats ... I naively walk over to the damn thing to try that again only to remember while standing there that yes, yes I really did try that before ...

    the second phone drone now gets a pre-heated African Queen shouting at him ... sucks being a phone drone ... if you tried online and with the automat thing you can naturally only visit a banking office

    so off I go ... to the nearest bank that is in no way to be called 'near' because although located physically at the same side of :fucking_bruges: I have to drive halfway across town almost to a different bank because there are all these waterways with no bridges across them between me and the damn bank ... you know why it is called Bruges? because the m*therf*cking bridges (= bruggen in Dutch) are only at the f*cking city center ...

    so I get there ... wait in queue ... there is a social worker or something loudly helping in bad English somebody at one of the automats and just stopping of shouting out the poor womanperson's bank account status ...

    get a drone assigned ... explain why I'm there ... right out of the gate she tells me ... oh yeah for minors it doesn't work from the machines ... gotdamn ... why didn't anybody tell us this months ago?
    she glances at the ID of my offspring, doesn't even look at mine and sends me something to digitally sign through the app ... the exact same thing like I did when I opened the damn account ...
    back in working stuff country her computer doesn't say no but re-enabling the account could take up some days because some other drone in banking HQ has to review it ... luckily that drone was actually pushing buttons and not pencils and got the account back in an actual usable state the same day

    all drones tried to put the blame with us although I clearly did all required steps when opening the account ... and for something that was clearly important they only called ... twice ... and only one time was an actual phone conversation ... no physical letter, no message in the app, no mail, no sms, no notification whatever that action was necessary ... and what we got from information was in hindsight just plain wrong ... but yeah put the blame on the customer

    breath out


  • BINNED

    @PleegWat said in Only have one device? No logging in for you, then:

    banks seem more WTFy on the left side.

    there are more things that seem WTFy the more you stray from the right side ...



  • @PleegWat said in Only have one device? No logging in for you, then:

    @Gurth I'm not sure if it was with the GGD

    Probably, but this was a page I got to via the Coronatest.nl site, near the end of the whole process.

    but I know I've logged in with the DigiD app on the same device.

    It could well be I missed something, but inside the app, the only option I found was for when you’re trying to use your DigiD on another device.

    Of course, the site gave some other options for proving your identity, but I don’t think any of those were for using the app on the same device.

    What I found weird is a very similar system works fine for making iDeal payments to, say, a webshop: the web site drops you into your bank’s app, that recognises what you’re doing and you can make the payment without needing to scan the QR code that the site also displays. So why can’t the government … oh, wait, Dutch government IT. By their standards this DigiD app is as close to perfection as they’ve ever come.



  • @Gurth said in Only have one device? No logging in for you, then:

    So why can’t the government … oh, wait, Dutch government IT.

    🔧


  • Notification Spam Recipient

    @Gurth said in Only have one device? No logging in for you, then:

    oh, wait, Dutch government IT. By their standards this DigiD app is as close to perfection as they’ve ever come.

    *cries in american*



  • @Luhmann said in Only have one device? No logging in for you, then:

    Ok, so during COCKVID (let's pretend that is a typo) I opened a banking account

    I ended up doing this as well, fully online etc. I've yet to enter one of the branches physically. Surprisingly it worked quite well, despite being one of the worse banks overall IME. (Guess that's what you get when you pick an international megabank, but in terms of overall sketchiness, it seemed to be one of the less sketchy choices. Reconsidering my choice there, but :kneeling_warthog:. Besides, it's not like any of the banks is offering great terms ATM.)

    The thing above actually happened at one of the better banks (in my estimate). Despite the SMS 2fa being phased out, they were quite easily able to prolong my access that way for quite some time (probably around 2 years); in the meantime, they had fixed their phone app to work reasonably.


  • Banned

    @Applied-Mediocrity said in Only have one device? No logging in for you, then:

    Well, that's what 2FA really means. What you know + what you have. Technically you're not s'posed to use the same device for both factors.

    Don't think that's accurate. "What you know" is in your head, not in the device. Or at least should be. I see nothing wrong with logging in through your 2FA device.



  • @Gąska assuming said device isn't also an active method of getting at the reset vector for the 'what you know', like say 'forgot password email going to the mail app on the phone'.


  • Banned

    @Arantor yes, assuming that. But even then it doesn't make a difference if you reset the password from your PC and using the phone for verification, or reset the password from the phone that you're using for verification.



  • @Gąska from an account security perspective, if the 'something you know' can be replaced by using the 'something you have', you don't have two factors of auth, you have one and a half at best.


  • Banned

    @Arantor 1 is equal to 1. 1.5 is equal to 1.5. Which part of "it makes no difference" do you not understand? Yes, it's not very secure if you can reset password. But it's not any less secure if you can reset password with one device than if you had to use two.


  • BINNED

    @cvi said in Only have one device? No logging in for you, then:

    fully online

    I would expect it to work for normal people except for the small detail: the eID cards ("kids ID") for minors (<12y) are different than the general ID cards that are distributed for > 12y ... they should just say admit: for minors with a kids ID type of card you should physically visit a branch for validation ... heck this probably is best advice for everyone except those with a standard 🇧🇪 ID card



  • @Gurth said in Only have one device? No logging in for you, then:

    @PleegWat said in Only have one device? No logging in for you, then:

    @Gurth I'm not sure if it was with the GGD

    Probably, but this was a page I got to via the Coronatest.nl site, near the end of the whole process.

    but I know I've logged in with the DigiD app on the same device.

    It could well be I missed something, but inside the app, the only option I found was for when you’re trying to use your DigiD on another device.

    Of course, the site gave some other options for proving your identity, but I don’t think any of those were for using the app on the same device.

    I logged in this morning to add my booster in the covid app.
    In the login I got a question if I wanted to open the Digid app on that same device, or somewhere else.
    Same device, and smooth sailing from there on (except the app was unable to retrieve the vaccination info because it was too busy).

    TL;DR: it works as designed on my Android phone.


  • Java Dev

    @nerd4sale So it's an apple problem?



  • @PleegWat said in Only have one device? No logging in for you, then:

    @nerd4sale So it's an apple problem?

    Or possibly a tablet problem, I don't know.


  • Java Dev

    Meanwhile, my bank does it correctly. On PC I scan QR code with the BankID app on my phone to log in. If on my phone the bank app skips the QR code and uses regular code login.



  • @nerd4sale said in Only have one device? No logging in for you, then:

    TL;DR: it works as designed on my Android phone.

    Odd. Could be the i(Pad)OS version doesn’t get the message, though I still consider it a possibility that it was me who overlooked something. But I haven’t seen a need to go back and check :)

    @Atazhaia said in Only have one device? No logging in for you, then:

    on my phone the bank app skips the QR code and uses regular code login.

    My bank app on the same iPad does that too, which is part of why I find it odd that the ID app didn’t.

