Several people on Twitter have noted that BankID does not distinguish between uppercase and lowercase letters when logging in, for example, to an online bank.
in This topic is Twitter There are a number of people who react to this very thing.
– amazing! This is the system that BankIDNorge boasted of spending $3 billion on, on which Norway is completely dependent, one user wrote.
This I really can not believe!
I expect an explanation from Tweet embed Here on why they think they can take the liberty of lowering my password security.
It is best to promise to correct this error as soon as possible– Egil Opsahle October 28, 2022
BankID confirm
Although there are many who are interacting now, it is actually not new, and DinSide already wrote about this in 2014, that is, 8 years ago. Something that Per Thorsheim, Head of Security at BankID and BankAxept, points out when we call him with questions about why this is so.
– It is true that it is. It’s been discussed many times and is widely known, but we’re still thinking about whether we should distinguish between lowercase and uppercase letters in passwords, he says.
Per Torchem is Head of Security at BankID. Photo: BankID
Show more
According to Torchem, one of the reasons BankID doesn’t “see a difference” in this is the focus on user experience.
You log into BankID relatively often, and it’s easy to make mistakes if caps lock is on without even realizing it.
With BankID, you have few attempts to enter the correct password. If you enter the password incorrectly too many times, the bank ID will be locked and you will have to contact your bank.
Very cool solution
And according to Torchem, more important than this distinction is the company’s proprietary login solution, which he describes as “absolutely cool” and few others do.
– When you log into an online account, you enter your username and password and then confirm with a one-time code, while it’s different with BankID: Social Security number, one-time code and then password, he explains.
This means that someone with malicious intent must have your mobile phone or your code chip for A person may try to guess the password to get into your account, and there is little chance of success in three attempts.
– The login method means that the usual methods of attack do not work with BankID. This is extremely important for safety and has a lot more to say than lowercase and uppercase letters, Torchem emphasizes.
“Web specialist. Lifelong zombie maven. Coffee ninja. Hipster-friendly analyst.”
