alt Hacker NewsHonestly, as long as the architectures is fatally flawed (Even if convenient) it's just bandaids over a larger issue.
These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Germany was going in the right direction imho, they NFC enabled their ID cards (Sweden has info on them but no enablement procedures) that is then paired with the app, so the card acts as a 2nd factor that makes the app itself less of a security issue since a user will be required to physically enable it (sadly the NFC pairings are kinda fiddly.. but I'd take that as a security option for all non-trivial transfers).
> These mobile id's are too powerful, signing contracts, transfering all your funds or taking loans, regulation is also papering it over a bit by requiring high-stakes lenders,etc to do additional checks.
Many countries in the EU already have all of that just done though some national equilevant system (for example here in Finland mainly with bank credentials).
And in fact additonal checks are done when enough money is moving. For example when I signed my bank loan for an apartment I had to sign it again after 24 hours just to be really really sure that I wanted to sign it.
For smaller (but still big enough) stuff a second "second factor" usually kicks in usually in the form of a sms verification after the actual proper login with bank credentials (which has a proper 2 factor auth in itself too)