What is 2FA?
Two-Factor Authentication (2FA) is an effective method to strengthen password security. In addition to the standard username and password pair, the system asks for another digital token to complete the sign-on process. A popular 2FA implementation is SMS verification. The reason only large corporations have 2FA is that these systems are costly to build and expensive to operate.
The Situation
Fortunately, Estonia is in a unique situation: every citizen has a digital identity card, and their computers are equipped with smart card readers. The ID cards come with two PIN codes: one to verify the identity of the card holder, the other to sign digital documents. There is also a third code for resetting the other two codes in case they are locked after too many attempts.
Our Method
At Inga, we have come up with a way to repurpose the ID card infrastructure purely for password strengthening. It turns out that each smart card holds a digital certificate - a long series of numbers that can be used as passwords. These certificates are accessible without a PIN! But don't worry, no privacy is compromised at this point. The PIN codes are still required to identify and sign. Our system simply uses the ID card to augment a password. The following video shows our Smart Card 2FA in action:
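The idea of augmenting a password with the card's certificate can be sketched as follows. This is an added example, not Inga's code: the function names, the PBKDF2 construction and the work factor are assumptions, and the two "certificates" are constructed byte strings standing in for the DER bytes read from a card.

```python
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch


def cert_fingerprint(cert_der: bytes) -> bytes:
    """SHA-256 fingerprint of the certificate bytes read from the card."""
    return hashlib.sha256(cert_der).digest()


def _derive(password: str, cert_der: bytes, salt: bytes) -> bytes:
    # The fingerprint is mixed into the salt, so the stored verifier only
    # matches when the password AND the same certificate are presented.
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"),
        salt + cert_fingerprint(cert_der), PBKDF2_ROUNDS,
    )


def enroll(password: str, cert_der: bytes) -> dict:
    """Create the record the server stores for one user."""
    salt = os.urandom(16)
    return {"salt": salt, "verifier": _derive(password, cert_der, salt)}


def verify(record: dict, password: str, cert_der: bytes) -> bool:
    """True only if both the password and the card certificate match."""
    candidate = _derive(password, cert_der, record["salt"])
    return hmac.compare_digest(candidate, record["verifier"])


# Constructed stand-ins for the DER bytes of two different card certificates.
CARD_A = b"\x30\x82\x01\x0a" + b"constructed-certificate-A"
CARD_B = b"\x30\x82\x01\x0a" + b"constructed-certificate-B"

if __name__ == "__main__":
    rec = enroll("correct horse", CARD_A)
    print(verify(rec, "correct horse", CARD_A))  # password + enrolled card
    print(verify(rec, "correct horse", CARD_B))  # right password, other card
    print(verify(rec, "wrong guess", CARD_A))    # enrolled card, wrong password
```

Because the certificate is read without a PIN, a successful check here ties the login to the enrolled card's certificate being presented, not to knowledge of either PIN.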