The Dumbphone Experiment: Authentication issues

I think we’re closing in on the gist of things for this experiment, which is closing in on two weeks sans iPhone. Can you imagine that, being smartphone-less for two weeks? Is it a hell for you, or a tantalizing notion? I get both angles, as it were.

This experiment was always about finding out what’d happen if I didn’t have my iPhone, but a dumbphone instead. Would the iPad be enough? I think we’ll know for sure soon.

But first, some words on authentication.

📵 This post is a part of the Dumbphone Experiment, where I put my iPhone aside to rely on a dumbphone, and my iPad. You can read all posts here →

I’m a big fan of secure passwords, and if you’re not, then you’re just lazy. I’m less of a fan of two-factor authentication (or 2FA for short). Don’t get me wrong, it’s a good idea, but there are so many ways to trick such a system, at least when it’s based on texts and phone calls. An authentication app might be a different thing, at least I think so.

I rely on Microsoft’s app, Authenticator, for a bunch of 2FAs. This includes, well, I won’t tell you exactly what, but it’s a couple of pretty crucial services. And it works alright, I think, except, I need to pull up my iPad to login. That’s fine when I’m using my iPad, which I am, most of the time. In fact, restoring my 2FA accounts in the Authenticator app using my Microsoft account was easy enough too, providing very little friction when putting away the iPhone. I hope it was secure enough too, but that’s a different story.

My authentication woes, or rather, my feared authentication woes, turned out to be nothing at all. I could get it all working on my iPad in almost no time at all. 2FA is all good without an iPhone then, no need for the Authenticator app on my Apple Watch (which didn’t work for non-Microsoft Account stuff anyway).

All good then?

Nope. We’ve got this thing called BankID in Sweden. It’s a digital ID signed by banks, as you’d expect. You use it to login to your bank (chocker), but also to various government services. I can sign my taxes using BankID, it’s the premier way to sign something digitally in Sweden.

And it works on an iPad, most of the time.

You see, in Sweden we’ve got a personal number, a national ID number, that you can use to, in conjunction with BankID, sign things. Or sign in, for that matter. If you move here, you can apply for one, and the whole society opens up to you. It’s somewhat unique, and pretty great, I think.

The problem is, all BankID implementations aren’t created equal. Sometimes you fill out your personal ID number, and then login through BankID. At other times, you scan a QR code on the screen, using your phone, and then you login there.

You see the problem here?

I can’t rightly scan the iPad screen with an app utilizing the camera on my iPad.

Or, I can’t login to my bank on my iPad without my phone.

I have thoughts about this, none pleasant towards my bank. It’s a shitty implementation, is what it is. My bank’s got an (iPhone) app, but it’s limited. I can’t manage my companies on my iPad without my iPhone.

Crash and burn.

I can power up the iMac at the office, login using the BankID app on my iPad, scanning with its camera, and do whatever. I can do the same on my iPad, if I use my iPhone to login.

It’s frustrating. I can manage accounts for multi-million companies through 2FA solutions, I can sign my taxes, but I can’t manage my money properly.

I’ve got the authenticator blues.

📵 This post is a part of the Dumbphone Experiment, where I put my iPhone aside to rely on a dumbphone, and my iPad. You can read all posts here →