Digital Identity Management in Norway Is a Catastrophe

The HN title is misleading and "editorialising". The real title:

    > Digital Identity Management in Norway is a Success but also a Disaster

The article is a little one sided, as it doesn't touch upon MinID which is a government ID service, and Idporten which is an authentication service that allows use of different EIDs, like MinID and BankID.

MinID is only considered "secure" while BankID is considered "highly secure"; as the linked pdf report (on Norwegian) states - in Norway, due to the popularity/market dominance of BankID - a lot of the logins are "highly secure" - while in Sweden their (different, but with same name) BankID is only "secure" - and most services require only "secure" login.

In Norway there are AFAIK public services that require "highly secure" login - and there the public issued MinID isn't enough.

If 2fa for MinID is improved - I think it would easily be upgraded to "highly secure" (most other details are similar to BankID). That should take care of public services.

Private services that do not cater to the public good - would still need a portal similar to (or be granted use of) Idporten.

So I think catastrophe is a little hyperbolic - but the current path of BankID dominance isn't good.

Ed: I see the hn title is editorialized - TFA has a more balanced title.

Ed2: From the podcast - BankID might get downgraded to "secure" because of how 2fa is handled - so it's not only MinID that might need some adjustments.

> The report tells the story of Bendik, who has Down syndrome and is denied BankID, thereby losing access to digital public services due to his diagnosis.

The article is light on details. Are people being denied BankID due to having an autism diagnosis?

There are some crazy details in this story that are presented as side notes in between long paragraphs of filler text that don’t contribute anything. It’s an article where you keep reading expecting some explanations that never arrive.

The article title actually says it is a success as well as a disaster. The title here has been shortened.

And, as the professor in the article explains, it is a “disaster” for a small minority. And those are not he same minority who struggled for the same reasons before, and those difficulties ought be addressed. The system can be improved.

But it’s largely a success for the vast majority too. I don’t personally know of anyone with a negative impression of it. It’s actually something that the average Nordic Baltic person is so used to and happy with that it only comes to mind when we meet people from countries that aren’t organised - and we feel sorry for them!

It’s the same situation with cash. Very few people in a cashless society are wanting to go back to the old ways.

On the plus side, their database has still not been hacked .. like it has happened one month ago in France, with the "ANTS" (the French equivalent). More than 10 millions people had their data leaked including pretty much everything from SSN, to email, phone, etc. A mine gold for Phishers and Scammers.

Wait until EU Dugital Wallet in 2027, that will be the ultimate fiasco.

An outstanding solution no one asked for.

Digital ID is a catastrophe, in Norway or elsewhere. But that doesn’t matter because the purpose of such ID is more surveillance, and if any issue happens you might end up liable like that man mentioned in the article. Right now in countries where digital ID isn’t yet implemented, phone numbers are used instead to link your digital identity to the real one, and most countries require government ID to issue one, and sometimes a biometric identification too, that number is later used in online services or messaging apps that links back to you. Watch now the applications that still insist on having phone numbers as an ID removing them once the digital ID is used instead.