alt Hacker NewsThe article is a little one sided, as it doesn't touch upon MinID which is a government ID service, and Idporten which is an authentication service that allows use of different EIDs, like MinID and BankID.
MinID is only considered "secure" while BankID is considered "highly secure"; as the linked pdf report (on Norwegian) states - in Norway, due to the popularity/market dominance of BankID - a lot of the logins are "highly secure" - while in Sweden their (different, but with same name) BankID is only "secure" - and most services require only "secure" login.
In Norway there are AFAIK public services that require "highly secure" login - and there the public issued MinID isn't enough.
If 2fa for MinID is improved - I think it would easily be upgraded to "highly secure" (most other details are similar to BankID). That should take care of public services.
Private services that do not cater to the public good - would still need a portal similar to (or be granted use of) Idporten.
So I think catastrophe is a little hyperbolic - but the current path of BankID dominance isn't good.
Ed: I see the hn title is editorialized - TFA has a more balanced title.
Ed2: From the podcast - BankID might get downgraded to "secure" because of how 2fa is handled - so it's not only MinID that might need some adjustments.
To be fair a part of the problem here is that BankID is so common it has become the "Jacuzzi of EID" or the "Google of EID" or whatever your poison is. So all EID-related discussion in public is now "Why aren't we just adding BankID".
Sure, some policymaker will probably interpret this as "introduce EID" but it does color public debate.
I think it's a shame MinID doesn't have the same level of security as BankID, we are really missing out on a great opportunity. But something tells me the powers that are in Norway's socialite community doesn't want it. In Norway we don't have that much monetary corruption, but we have a lot of "kompistjeneste"