
Smart Card 2FA

Use a smart card as a security token during sign-in

Two-Factor Authentication (2FA) is an effective method to strengthen password security. In addition to the standard pair of user name and password, the system asks for another digital token to complete the sign-on process. A popular 2FA implementation is SMS verification. Only large corporations have 2FA because these systems are costly to build and expensive to operate.

Fortunately, Estonia is in a unique situation - every citizen has a digital identity card, and their computers are equipped with smart card readers. The ID cards come with two PIN codes - one to verify the identity of the card holder, the other to sign digital documents. There is also a third code for resetting the other two codes in case they are locked after too many attempts.

At Inga, we have come up with a way to repurpose the ID card infrastructure purely for password strengthening. It turns out that each smart card holds a digital certificate - a long series of numbers that can be used as passwords. These certificates are accessible without a PIN! But don't worry, no privacy is compromised at this point. The PIN codes are still required to identify and sign. Our system simply uses the ID card to augment a password. The following video shows our Smart Card 2FA in action:
Estimated implementation cost: €240,00