Password Security Fail: Are We Unteachable?
Zurich, 22 February 2021 – The world is increasingly digital: On the one hand, this is evident in the rapid technological progress and the response of many companies to the Corona pandemic, which saw the digitalization of a large number of work and communication processes. On the other hand, it is apparent in the strong growth in online commerce. Already in 2018, the General Data Protection Regulation (GDPR), intended to guarantee Internet users sovereignty over their own data and its protection, entered into force in the EU. Switzerland is pursuing a similar goal with the revision of the Federal Data Protection Act (FADP) concluded in 2020. Against this backdrop, the discussion about introducing distinct digital identities – also called electronic identity or eID – is gaining greater traction. Nevis, the Swiss market leader in Identity and Access Management, explains the principle and presents an overview of the current situation.
Users leave behind digital identities for every online registration, and the average citizen is probably already finding it difficult to keep track of it all. Be it credit cards, mobile phones, online accounts, social media, or company accounts, the personal data of citizens is stored practically everywhere. Nevertheless, having a single digital identity makes it possible to maintain data sovereignty and gain a transparent overview. It functions as an online login and can be used e.g. for online public administration processes as well as for online shopping or to automate business processes.
Different countries, different digitalization concepts
As EU trailblazers, the citizens of Estonia already benefit from having distinct digital identities: whether they’re voting in political elections, paying taxes, or looking through their healthcare records – they can already do it all online. Now the European Union is following suit with its “Once Only” project. Starting in 2023, institutions and organizations in Europe will be able to reuse or share the data and documents that people have already provided to them transparently and securely.
A comparative analysis of the DACH region shows how differently citizens in individual countries use digital identities. In Germany, the eID (electronic identity) function for online identification cards has been automatically activated since 2017 and can be used with public authorities and companies who offer the service. However, the function is currently only activated for a quarter of all citizens and is used by just six percent. With its state eID, the country is committed to a specific technology. Austria, by contrast, only has the so-called mobile phone signature, a personal online signature. The eID (ID Austria) is currently only in its planning stages. In Switzerland, the eID law was passed by Parliament and will be voted on by the populace in a referendum on 7 March 2021. The Swiss model will be decided by a competition between different eID providers who will then be allowed to provide the login.
Expertise in digital identity protection
Many GDPR and FADP data minimization and consent demands can be met with a good Identity and Access Management – and for applications in a large variety of industries from banking and eCommerce to healthcare and government to insurance. This involves an identity provider managing the available identity attributes and making access decisions on behalf of the online service. Data collection is strictly limited to the legal framework: citizens can be certain that their data is centrally and securely managed. Companies gain planning security since they can unequivocally verify their customers while simultaneously not collecting any more data than is allowed. “The concept of an eID is one of the most interesting models for user-friendly protection of personal data”, explains Stephan Schweizer, CEO of Nevis. “With our CIAM platform, companies can unequivocally, effectively, and with legal certainty guarantee that everyone who logs in is indeed the person they claim to be.”
###
About Nevis
Nevis develops security solutions for the digital world of tomorrow. Its portfolio encompasses passwordless logins, which are intuitive to use and offer optimal protection for user data. Nevis is the market leader for Identity and Access Management in Switzerland and secures over 80 percent of all online banking transactions. Public authorities, leading service providers, and industrial enterprises worldwide rely on Nevis solutions. The authentication specialist has locations in Switzerland, Germany, and Hungary.
Press Contact
LEWIS Communications GmbH
Ingo Geisler, nevis-security@teamlewis.com
