Swedish BankID signing and authentication now supports Secure start

1. Is this relevant to me?

This is relevant to anyone using Swedish BankID.

 

2. What is it?

To increase security during authentication and signing, BankID has introduced Secure start, which becomes mandatory from 1st of May 2024.

Secure start means using an animated QR code and autostart.

 

3. How does it work?

With the introduction of these changes, the authentication options have changed as follows:

| Before | After |
| --- | --- |
| BankID Desktop | BankID on this device |
| BankID Mobile | BankID on another device |

 

BankID on this device

This option will start the BankID application using a start token (either automatically on desktop or after clicking a button on mobile).

BankID on another device (QR code)

This option will display an animated (refreshing every second) QR code which should be scanned by the mobile BankID app.

 

[Image: The new authentication options]

 

[Image: Authentication with Mobile BankID using a QR code]

 

Signing

The signing process is essentially identical to the authentication process described above.

 

Rationale

The motivation for requiring either starting the app on the current device or scanning the QR code is that it forces the signatory to use the BankID application in the same physical location as the device used to act on the sent document.

This prevents someone from entering the signatory's SSN on the signing page of a malicious document, which the signatory could confuse with the real document in the BankID app.

More information is available on BankID's website (EN) (SE page).
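
Why a QR code that changes every second ties the scan to the screen in front of the signatory, as an added example that is not code from this page or from BankID: each frame carries an HMAC over the seconds elapsed since the order was created, so a frame that was copied or forwarded stops being accepted shortly afterwards. The payload layout and the names `qrStartToken` and `qrStartSecret` follow BankID's relying-party documentation as understood here; the token and secret values are constructed, and `frame_is_acceptable` with its `MAX_AGE_SECONDS` tolerance is a hypothetical stand-in for the check done on BankID's side.

```python
import hashlib
import hmac

# Constructed sample values; a real order gets its own pair from BankID.
QR_START_TOKEN = "00000000-1111-2222-3333-444444444444"
QR_START_SECRET = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
MAX_AGE_SECONDS = 5  # assumed tolerance for this sketch, not a BankID figure


def qr_auth_code(qr_start_secret: str, elapsed: int) -> str:
    """HMAC-SHA256 over the elapsed-seconds counter, keyed with the secret."""
    return hmac.new(qr_start_secret.encode(), str(elapsed).encode(),
                    hashlib.sha256).hexdigest()


def qr_frame(qr_start_token: str, qr_start_secret: str, elapsed: int) -> str:
    """Payload to render as the QR image for one whole second of the order."""
    code = qr_auth_code(qr_start_secret, elapsed)
    return f"bankid.{qr_start_token}.{elapsed}.{code}"


def frame_is_acceptable(frame: str, qr_start_token: str, qr_start_secret: str,
                        now_elapsed: int) -> bool:
    """Hypothetical scan-time check: well-formed, authentic and recent."""
    parts = frame.split(".")
    if len(parts) != 4 or parts[0] != "bankid":
        return False
    _, token, shown_at, code = parts
    if not (shown_at.isascii() and shown_at.isdigit()):
        return False
    if token != qr_start_token:
        return False
    expected = qr_auth_code(qr_start_secret, int(shown_at))
    # Constant-time comparison so the check does not leak how much matched.
    if not hmac.compare_digest(code.encode(), expected.encode()):
        return False
    # A frame replayed later than the tolerance is refused.
    return 0 <= now_elapsed - int(shown_at) <= MAX_AGE_SECONDS


if __name__ == "__main__":
    for second in range(3):  # three consecutive frames of the animation
        print(qr_frame(QR_START_TOKEN, QR_START_SECRET, second))
```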
