EID for authentication in applications/desktop
Using eID for logins: user authentication
In Estonia there are three main ways for logging into a web application:
- User name / password.
- Facebook/Google/Twitter or other social media account.
- eID either as an ID card or a mobile ID
The main advantages of eID over the other two are (a) significantly higher security (b) economizing on amount of work otherwise going into managing usernames/passwords: no need to create / replace lost passwords.
The main disadvantage is inconvenience for a user, who has to use an ID card or a mobile ID.
In most cases it makes sense to implement eID as a more secure alternative to some of the beforementioned ways to login in. For example, one could allow the user to perform less critical tasks without authenticating with eID.
Implementation costs for eID are similar to costs for implementing authentication with social media accounts and are slightly higher than for username/password system.
During actual use the economization stems from (a) minimizing the risk of fraud (b) decreasing the amount of work of the IT department. On the other hand, mobile ID creates a monthly cost due to a need to sign an agreement with the Certification Center. Using an ID card does not necessitate this cost.
For the special case of logging into a desktop application it makes sense to use an ID card primarily in case the organization has a large number of computers managed via a centralized Windows domain and the IT department has a significant burden creating new passwords and replacing the existing ones.
As a concrete example we bring the Case study of logging into the study portal and computers of the Tallinn Uni of Tech.