This month's release makes the web app even easier to use. We're introducing new web-based onboarding and a brand new way to digitally sign documents, which eliminates the need for users to download the .ID mobile app to confirm their signature.
The .ID application has been passwordless from the beginning because we just don't trust passwords much.
Mainly because passwords are easy to crack. Phishing, dictionary attacks, man-in-the-middle attacks have become mainstream vulnerabilities.
For a password to be secure, it also has to be very long, unique to a particular service, and contain special characters. An average user can't remember all that, so they use often the same passwords for different services. This in turn makes all services vulnerable, even if they are very careful about their own cybersecurity settings.
Any service that stores user passwords immediately becomes a lucrative target for hackers who can gain access to thousands of user passwords, and we don't want that.
We have a better solution for you! From your email, we can tell if you are a new or existing user and whether you want us to prompt you for a login confirmation via the .ID mobile app or send you a one-time login code. No password stored in our service, no password to forget, no password to attack.
Our strong digital signature is based on the industry-standard XAdES signature format and ASiC document containers. Even if you download a signed copy in PDF format with your visual signature, the only source of truth is still the XAdES+ASiC combination stored in our service.
This combination dictates that any digital signature can only be issued if the signer is in direct possession of the signing private key, which is not known to anyone else and cannot be stored anywhere other than on a specific, dedicated physical device under the signer's sole control - a mobile phone, smart card, etc.
In our hectic daily lives, this is a major drawback because it requires users to take more steps to be able to sign than they have patience for.
That's why we decided to introduce a whole new kind of digital signature, still based on the principles of strong digital signatures, but not requiring a special security device. We are introducing a Basic signature that complements our existing Secure signature and makes signing faster and easier.
For clarity, we now have 3 different signature types in our service:
Of course, you don't have to memorize these types. Our system is smart enough to choose the strongest signature possible based on your choice to use either a web app or a mobile app, and whether you want to verify your identity or not.
Have fun signing!