The .ID web app 3.1 makes signing easier
This month's release makes the web app even easier to use. We're introducing new web-based onboarding and a brand new way to digitally sign documents, which eliminates the need for users to download the .ID mobile app to confirm their signature.
Passwordless login makes onboarding easier, faster, and more secure
The .ID application has been passwordless from the beginning because we just don't trust passwords much.
Mainly because passwords are easy to crack. Phishing, dictionary attacks, man-in-the-middle attacks have become mainstream vulnerabilities.
For a password to be secure, it also has to be very long, unique to a particular service, and contain special characters. An average user can't remember all that, so they use often the same passwords for different services. This in turn makes all services vulnerable, even if they are very careful about their own cybersecurity settings.
Any service that stores user passwords immediately becomes a lucrative target for hackers who can gain access to thousands of user passwords, and we don't want that.
We have a better solution for you! From your email, we can tell if you are a new or existing user and whether you want us to prompt you for a login confirmation via the .ID mobile app or send you a one-time login code. No password stored in our service, no password to forget, no password to attack.
Digital signatures go on the web
Our strong digital signature is based on the industry-standard XAdES signature format and ASiC document containers. Even if you download a signed copy in PDF format with your visual signature, the only source of truth is still the XAdES+ASiC combination stored in our service.
This combination dictates that any digital signature can only be issued if the signer is in direct possession of the signing private key, which is not known to anyone else and cannot be stored anywhere other than on a specific, dedicated physical device under the signer's sole control - a mobile phone, smart card, etc.
In our hectic daily lives, this is a major drawback because it requires users to take more steps to be able to sign than they have patience for.
That's why we decided to introduce a whole new kind of digital signature, still based on the principles of strong digital signatures, but not requiring a special security device. We are introducing a Basic signature that complements our existing Secure signature and makes signing faster and easier.
For clarity, we now have 3 different signature types in our service:
- A Basic signature is based on the user's self-declared identity and can be given from any device using simple authentication methods. A simple signature does not require a secure device (PKI device) and can be given from any web browser.
- A Basic+ signature is also based on the user's self-declared identity but is more secure as it can only be given via the .ID mobile app based on our PKI infrastructure.
- A Secure signature is based on the verified identity and can only be granted via the .ID mobile app based on our PKI infrastructure.
Of course, you don't have to memorize these types. Our system is smart enough to choose the strongest signature possible based on your choice to use either a web app or a mobile app, and whether you want to verify your identity or not.
We are on a mission to simplify the process around the contract lifecycle and help you make the best agreements to protect your interests. Simplifying the contracting process while keeping it secure is one step of many in this direction.
Have fun signing!