You're the kind of reason that booklets are 100 pages when in reality it could easily be 25. Oh the nostalgic perfect booklets with like 20 parts per page. It's so fun to scramble through the build to put in something you didn't see at first. I actually enjoyed that.
I think that the primary reason that MitId was introduced as a replacement of NemId is that Nets, that own NemId was sold in 2014 to a (partly) foreign consortium and after that it was sold again to a foreign hedge fund. Having all the Danish personal information in foreign hands is probably not a good idea, so Digitaliseringsstyrelsen and Finans Danmark made their own system. It is not primarily about updating old tech, but more about keeping Danish information in Danish hands. I agree with that assessment, but would really like them to be upfront about wanting to keep the system out of the hands of private companies, (like Nets) instead of passing it off as being proactive. Nice Star Wars helmet though...Too bad Lego don't have any Star Trek models :-)
You are completely wrong on this. Nets also has developed MitID for Digitaliseringsstyrelsen - they of course in styrelsen have required a secure setup for the development of this etc. Its irrelevant who owns Nets (currently owned by Italian company Nexi).
Hello Youngs! My husband and I just moved to Denmark (Hedehusene) from Madison, Wisconsin and I am really enjoying going through your videos. It's SO NICE to hear such similar experiences from fellow Midwesterners. And we love MitID too!! Thank you!!
Just activated MitID while watching your video. Look me less than 5 minutes. Unless you already know. I'll gladly walk you through how the government ensures the quality of these products. More or less all of them build outside the government. But with a process in place that creates an incentive for companies to build great products for the public.
@@TrashskillsRS What i meant to say was "password", like with NemID you enter your personal password first and then confirm with either the app or keycard. So isn't MitID one-factor-authentication whereas NemID is two-factor-authentication?
The stormtrooper looks so cool. I feel like it’s the most American thing ever to give LEGO feedback on their manual haha I love it, always looking to optimise and improve.
The advantage of not giving the Lego’s better ID ( speaking of Nem ID ) is probably you can use them to build what ever you like. If some had different coloured spikes it would be visible if you choose to build something else.
Super informative! As an expat here myself I hope I don't have to take time away from work to arrange MitID but oh well a small price to pay for so many advantages when it comes down to it! Also: love Lego, love to see it on the channel!
Nets are very secretive about security, so I can't comment about the security upgrades. Except to say one thing. Nets are trying to solve a basically unsolvable problem. Secure identification from devices that must buy defaukt be assumed to be corrupted. This comes down to a race with the hackers, and every so often it is necessary to change the entire code base. NemID has had a good long run. But it gets more vulnerable every day. So it is wise to find a new solution. The thing that was not mentioned in your interview was useability. By modern standards, NemID is getting to feel a bit old and clunky. Competing solutions has solved many problems better than NemID in other countries. So it is also time to integrate what have been learned elsewhere into the Danish solution. I have not looked at MitID yet. But I have great expectations. And yes, I am an IT security consultant with particular interests in authentication and identity management.
I don't know about problems that competing solutions have solved better. Security will always be a bit annoying if done properly. You can make things easier and that seem to be the MitID selling point. I worry that it will be less secure. They already blundered by trusting the MitID app with too much of the security and a decentralized app like that will be a target that did not really exist with NemID. You had to make an active insecure choice with NemID to make it vulnerable. An app might be hacked without that choice. Furthermore being secretive about security is not the way that has proved to be most secure. The most secure solutions are always open about how they handle their security so they can get feedback if they blunder. Just the knowledge that this could happen encourage more secure solutions. It's too easy to rely on the secrecy as part of your security and introduce a vulnerability that way. The closed source secretive solutions feel intuitive but the most secure options are open source.
@@maxfriis The point of better useability is precisely to make things easier. With NemID you often have to enter your password into mobile devices for instance. This is bad useability. With Mit ID this will hopefully be much reduced. I honestly have no clue about the security of MitID. But I have read the newspapers and feel a bit worried. On the other hand, I know that the security people at Nets are very good indeed. They are not going to miss anything obvious.
@@mvoetmann1 Fair enough and good point about usability being a part of security. The bottom line is that we do not have sufficient information to continue this debate. I'm skeptical about the new unknown solution and you trust they will handle it professionally and well. That is fine and I really hope you are right.
Creating a security product which is to be used by the masses will always have trade-offs. If you wish to make something truly secure, the convinience of use will usually suffer. For instance, you can't expect the average citizen to be able to remember unique passwords containing more than 8 characters. So trade-offs in the level of security has to happen for a security product to achieve a high degree a convinience and usability.
@@pHD77 quite. But every so often you can, by being very clever and stealing ideas from others, increase useability without significant sacrifice of security. Also, technologies sometimes march in unexpected directions, forcing you to rethink your product. MitID has a number of such innovations. For instance, it supports U2F tokens, and has been designed with mobile devices in mind, which NemID was not.
I love it, it makes sensitive info much harder to breach. I have worked in IT security and the things I have seen possible would shock people, before you could just send people links on email's and if they clicked it you could setup a (worm virus) and literally see everything the person see/types/say/hear on the computer, including banking info and other sensitive info, turn their webcam on and talk through their speakers or turn their microphone on.
The passport upgrade stuff is also really odd, all the banks have for the past couple of years by law had to positively identify their customers. And yet now MitID does the same but requires us to use a newer passport, which some of us don't actually have and it cost money to get a passport. I find it odd that the banks have not been involved in the "upgrade" process, as they would have verified the customer already.
Yaeh i don't like the passport thing because i don't have one and the other thing i don't like is the phone thing... I don't mix My bank stuff with my Phone...
@@Nico-zw9ud If you haven't got the proper documentation you cannot upgrade to mitID yourself, however, you can always go to Borgerservice and let them do the identification.
If you have assembled LEGO since childhood, (as have many, many danes)it is probably easier to “read” and understand the instructions. I was expecting to see Finn at ay moment and now have an urge to watch the whole (amazing)story again. Good versus bad never goes out of style. Thank you for another great video. Happy Christmas to you all and the best wishes for a prosperous New Year.
I came last month to Denmark. I don't have NemId. Should I apply for NemId or should I just apply for MetId, since NemId is anyway decommissioned soon?
@@TravelinYoung As a non-EU foreigner, you can vote for municipal and regional elections (like the one we just had) when you have lived here for four years (without interruption). You cannot vote for parliamentary elections until you become a Danish citizen.
Question what would be the best way in first steps to try and get mid ID in the United States I like the idea of security considering me and my wife have both gone through near identity theft and we’ve had our bank account hacked at least once which caused a huge headache
LOL!! Just noticed that your not wearing a Hat. Have you gone rogue 😒 ? Again, this is one of your videos, I shared on my FB. PS: Yeah yeah! We notice the "Pin" 👍😀👍 !
It's amazing that such an essential application like this - basically controls your ability to see and move finances - is so woefully bad. From constant crashing to a doom loop of having to start all over again if something goes wrong I've never seen something this bad. If you are going to replace something that kind of worked (NEMID) with something that doesn't, shut people out of their bank accounts at least admit there is something wrong with it. I think I'll have to go back to literally calling my bank to see what the balance is and pulling cash out to pay for things.
Thanks for the super informative video as always. I’m not personally sold yet on the new MitID, as it appears to be too simple. My lazy side wants it, as to drop the NemID ‘key card’ hassle, but it was the ‘hassle’ side of it that made me feel secure that nobody could both know my last four digits of my CPR number, and have my ‘key card’. It was a step too far for ‘easy theft’, and hence always in the secure zone. Maybe I’ve missed something about the new MitID card though? Let’s see how it pans out.
Thanks! I believe you can get a key fob if you feel the phone app isn’t secure enough, that would simulate the physical card like with NemID. I also think setting a user ID yourself is more secure than a CPR, which MitID requires.
@@TravelinYoung thanks for your reply. Yes, that would be a good solution. I am waiting to be told when it is my turn to make the change, so actually I am only just starting to look into it more in depth now, with your video as my starting point. I must say, what a great video and great channel you have. I've been following your channel for a few months now. It's good, it really is. Have a great day!
I fail to see how the new solution is more secure; the fact that the username is now a primary part of the auth scheme - that you can invoke an auth request call-back by only knowing this one thing, seems like a huge risk. The more obscure you make your username (mind you NOT your password) the more secure you are. You seem pretty well versed in IT Josh and in IT we typically call this way of designing stuff "security through obscurity" and its not a complement.
I agree. And there's another huge issue that I haven't heard that many talk about. The fact that they are now moving the username into the "do not tell to other people" space, will end up being a potential problem for other non-MitID related services. For years now we've been teaching people to keep their passwords secret. You should NEVER give your password to anyone, ever. But usernames are often asked for over the phone to reset a work account or other similar maintenance tasks. This is normal, and acceptable - as long as the password is kept secret. But as MitID is now putting that into question, the users will not know what to believe. Since MitID will be such a widely used service we will probably see an uptick in confused employees thinking they should no longer tell the administrator their username so they can get their Citrix account serviced / restarted. It skews the whole username vs password security convention that we have worked so long to establish. Username ok to tell, password NOT ok to tell. Now suddenly usernames are secret too? But only some places. Then what places? Only MitID? Or maybe also other places? Users will probably get confused about this and scammers might benefit from it. It won't take a lot of convincing to scam elderly people into thinking that telling their password is now ok, since it's now the username that's secret. All they have to do is point to MitID and say "That's how it is now".
As a computer science student I'm one of the few people who never switched from the physical NemID card to the app. I like the idea of two-factor authentication being physical, as it's the only way I can truly KNOW that my data is safe. Anyone else feel the same way or am I crazy?
I don’t think so, but my phone is physical and I probably treat it better than I do our dog brisket :). Getting into someone’s phone often means access to personal email, messaging, financial accounts, etc. So I don’t mind having my phone be the physical component of the 2 factor authentication as I would keep it closer to me than a code card or key fob.
@hmmm - I feel the same way. The one and ONLY reason I have the app is because I couldn't pay for airplane tickets otherwise. I don't use my phone for my banking needs.
I only switched to MitID a few days ago. But now I have an app on my phone to log into my bank account? Yeah I'm sorry but this ever increasing level of digitilasation doesn't impress me at all. You need two different devices, a laptop and a smartphone, to be able to log in to your accounts? With all the banks closing, people are forced onto digital solutions. It might not be a problem for you or me, but imagine being 80 years old and have to learn to use digital banking.
He didn't go into details of why it is more safe. With Nem ID you have your cpr no and a changing key no. With Mit ID you just have your password. Doesn't look more safe to me.. 🤨.
That’s exactly what I thought too. I liked the fact that NemID was awkward and a hassle for anyone wanting to steal or break your codes. MitID does appear at least to be too simple for theft etc.
You can have same login security with MitID if you wish by using a key fob. And your CPR isn’t a very secure login, much better to set a UserID yourself, which you do with MitID. A lot of the security improvements are less on how you login and more with how the data moves through the backend as it authenticates a user.
@@TravelinYoung Partly true, but the problem is that 95% would use the same userid they use for all other online logins, and use a userid that is based on something personal and depending on the online service you use your userid might even be publicly visible to everyone else on that service. Making that type of userid even more unsecure than the CPR
@@ajwasp never use the same userid, and never use elements in them that you repeat from other userids. The problem would eventually be to remember the userid no matter what you do, this is would eventually led you to store it somewhere unsafe to be able to find it if you forget. I guess the only truly secure would be biometrics.
That was a cool try it on Tuesday. With that Josh you just became Danish. Building LEGO is something every Dane grown up to do, and now you had your official baptizing in front of the nation of building LEGO. :P
There is a vital part of “Digital Denmark” even danes are not aware about. The National vacination database. It has been in place for many, many years, So when Covid-19 hit us, the infrastructure was allready there. Just add another Vaccine type to the system and go…. Holland for instance, did not have such system, and had design and implement it to keep track om the Vaccines, before they could start the vaccination rollout.
First of.. Cool video, .. would have liked a demo for how to make the update, but its oki, Then just a remark... Whats up whit your breathing Johs, it sounds more and more for every video, like your having hard breathing. Astma or smoking lungs...
@@TravelinYoung I saw it yesterday. Thanks for some great videos that I am in the process of watching. You are such a lovely family and your parents look so kind. I promise you will be allowed to keep your hat on if you and your family visit me, my husband and our two dogs and a single cat.😄 🇩🇰 🇩🇰 🇩🇰
Introducing an extra way to attack a system is _less_ secure and software is always vulnerable especially when it's decentralized as an app on your phone (they already had blunders pointed out to them). You have to make an active decision to e.g. photograph your codes or something to make NemID insecure. With MitID that is no longer the case.
I love the new MtID😍and i have thumb scan on my phone, so super easy access🥰 but.....online purchases are still in NemID.....😑 so ita sadly not 100% implemented yer tho lol
In Germany they are not into the digital era . Not in the same way like in Denmark. If the system are going down totally for a period of time . We are really fuckt up. Germany are old school . Have it on paper .
The small key fob should have been a credit card size device so that it fits well in the smallest of wallets! Else I would prefer the old paper card which does exactly that.
@@bzdtemp Thank you captain obvious. My point is they could have made it credit card sized which is more practical, especially for those of us who carry credit card only wallets.
@@_-martin-_ Come on, like you are even gonna use anything but the app anyway. The key token will only be something few people will acquire use and I would assume, that many will be liking that it fits well on a key chain which something credit card sized won't. Also personally I have never seen a key token that is credit card shaped, seems to me they would likely be more fragile than the usual ones.
Elderly: my mother at 88 use Nem-ID BUT she uses it through ME. If it was up to her alone in the digital world she would be lost! Don’t believe all statistics! 🥺
I’m danish living in the us, I spend so far 6 months trying to make the app work with no luck. If you notice the app has 1 star rating!!! It’s just not working Denmark!!!!
The only thing that makes it more secure is that you are not flashing your CPR number, and they are not storing your CPR number with the MitID either. So you have next to no chance of having your identity stolen by hackers attacking the servers. If someone steals your phone and can go into the app, then you are not secured at all. The main advantage is that MitID complies with EU regulation. NemID does not comply with current regulation.
@@TrashskillsRS - Aaah, well hackers can't use a CPR number for shit in reality. It's a crime for a business to let a customer identify themselves only with a CPR number, as far as I'm aware. And they have to prove that it was indeed you who engaged them in a deal. If you know someone's birthday, it's pretty easy to just go through the last four digits with brute force.
I am not buying that a selv though of userid is more sercure than the cpr id. The CPR Id requires that you locate documents with it on it, yes if you get hold of some documents or just our health card, it will be there, however most people will think of a similar unsecure userid, that would be related to easy obtainable information.
To add to that, and if you then give out some "rules" on how to create a unique id, you then have given the hacker a way to figure out what the most likely userid would be. Remember that the author of the password rules Bill Burr actually regrets making them, because it turns out that they cause even more unsecure passwords to be made.
Mit Id is super vulnerable, to protect yourself make sure not to swipe unless youre sure what you are doing, source critisism is important, just a head up, otherwise its pretty decent... :D Remember its under development
MitID is much less secure then NemID since they have effectively dropped a factor unless you choose an unguessable username. Since NemID's security wasn't great to begin with its a pretty bad direction we are going in unless you happen to be an IT criminal...
I never thought that my primary source if information NemID would be an American....but thanks for an informative video
Me neither. It does makes loads of sense when thinking about the well presented explanations living in this channel.
Same here
You're the kind of reason that booklets are 100 pages when in reality it could easily be 25. Oh the nostalgic perfect booklets with like 20 parts per page. It's so fun to scramble through the build to put in something you didn't see at first. I actually enjoyed that.
I think that the primary reason that MitId was introduced as a replacement of NemId is that Nets, that own NemId was sold in 2014 to a (partly) foreign consortium and after that it was sold again to a foreign hedge fund. Having all the Danish personal information in foreign hands is probably not a good idea, so Digitaliseringsstyrelsen and Finans Danmark made their own system. It is not primarily about updating old tech, but more about keeping Danish information in Danish hands. I agree with that assessment, but would really like them to be upfront about wanting to keep the system out of the hands of private companies, (like Nets) instead of passing it off as being proactive.
Nice Star Wars helmet though...Too bad Lego don't have any Star Trek models :-)
Interesting, I wondered why they had used a lot of money on changing the name.
You are completely wrong on this. Nets also has developed MitID for Digitaliseringsstyrelsen - they of course in styrelsen have required a secure setup for the development of this etc. Its irrelevant who owns Nets (currently owned by Italian company Nexi).
Yezz,totally irrelevant,could be owned by Sicilian mobfamily,totally not relevantio!
Hello Youngs! My husband and I just moved to Denmark (Hedehusene) from Madison, Wisconsin and I am really enjoying going through your videos. It's SO NICE to hear such similar experiences from fellow Midwesterners. And we love MitID too!! Thank you!!
Just activated MitID while watching your video. Look me less than 5 minutes.
Unless you already know. I'll gladly walk you through how the government ensures the quality of these products. More or less all of them build outside the government. But with a process in place that creates an incentive for companies to build great products for the public.
MitID requires no code, right? Seems less secure...
@@designtechdk Your code is generated on the fly and only lasts for like 2 minutes to type it in.
@@TrashskillsRS What i meant to say was "password", like with NemID you enter your personal password first and then confirm with either the app or keycard. So isn't MitID one-factor-authentication whereas NemID is two-factor-authentication?
@@designtechdk Dont you need to authenticate to enter your app?
@@TrashskillsRS Which app? I don't have MitID yet, but my NemID app is locked by a pin/biometrics
Denmark vs. Sweden, LEGO vs. IKEA. Who has the better assembling manuals?
Lego for sure :).
LEGO, and unlike IKEA, you can take it apart again.
@@mikkelnpetersen well, It's always possible to take IKEA Furniture apart again. It's the reassembly that will be difficult...
The stormtrooper looks so cool. I feel like it’s the most American thing ever to give LEGO feedback on their manual haha I love it, always looking to optimise and improve.
The advantage of not giving the Lego’s better ID ( speaking of Nem ID ) is probably you can use them to build what ever you like. If some had different coloured spikes it would be visible if you choose to build something else.
Thanks again for the video! It's really professional cut and edited. Good job guys!
Thanks for saying that! :)
Yes, and with really intelligent and poignant questions 😉
Super informative! As an expat here myself I hope I don't have to take time away from work to arrange MitID but oh well a small price to pay for so many advantages when it comes down to it! Also: love Lego, love to see it on the channel!
Nets are very secretive about security, so I can't comment about the security upgrades. Except to say one thing. Nets are trying to solve a basically unsolvable problem. Secure identification from devices that must buy defaukt be assumed to be corrupted. This comes down to a race with the hackers, and every so often it is necessary to change the entire code base. NemID has had a good long run. But it gets more vulnerable every day. So it is wise to find a new solution.
The thing that was not mentioned in your interview was useability. By modern standards, NemID is getting to feel a bit old and clunky. Competing solutions has solved many problems better than NemID in other countries. So it is also time to integrate what have been learned elsewhere into the Danish solution.
I have not looked at MitID yet. But I have great expectations.
And yes, I am an IT security consultant with particular interests in authentication and identity management.
I don't know about problems that competing solutions have solved better. Security will always be a bit annoying if done properly. You can make things easier and that seem to be the MitID selling point.
I worry that it will be less secure. They already blundered by trusting the MitID app with too much of the security and a decentralized app like that will be a target that did not really exist with NemID. You had to make an active insecure choice with NemID to make it vulnerable. An app might be hacked without that choice.
Furthermore being secretive about security is not the way that has proved to be most secure. The most secure solutions are always open about how they handle their security so they can get feedback if they blunder. Just the knowledge that this could happen encourage more secure solutions. It's too easy to rely on the secrecy as part of your security and introduce a vulnerability that way. The closed source secretive solutions feel intuitive but the most secure options are open source.
@@maxfriis The point of better useability is precisely to make things easier. With NemID you often have to enter your password into mobile devices for instance. This is bad useability. With Mit ID this will hopefully be much reduced.
I honestly have no clue about the security of MitID. But I have read the newspapers and feel a bit worried. On the other hand, I know that the security people at Nets are very good indeed. They are not going to miss anything obvious.
@@mvoetmann1 Fair enough and good point about usability being a part of security. The bottom line is that we do not have sufficient information to continue this debate. I'm skeptical about the new unknown solution and you trust they will handle it professionally and well. That is fine and I really hope you are right.
Creating a security product which is to be used by the masses will always have trade-offs.
If you wish to make something truly secure, the convinience of use will usually suffer. For instance, you can't expect the average citizen to be able to remember unique passwords containing more than 8 characters. So trade-offs in the level of security has to happen for a security product to achieve a high degree a convinience and usability.
@@pHD77 quite. But every so often you can, by being very clever and stealing ideas from others, increase useability without significant sacrifice of security. Also, technologies sometimes march in unexpected directions, forcing you to rethink your product. MitID has a number of such innovations. For instance, it supports U2F tokens, and has been designed with mobile devices in mind, which NemID was not.
I love it, it makes sensitive info much harder to breach. I have worked in IT security and the things I have seen possible would shock people, before you could just send people links on email's and if they clicked it you could setup a (worm virus) and literally see everything the person see/types/say/hear on the computer, including banking info and other sensitive info, turn their webcam on and talk through their speakers or turn their microphone on.
Thank you so much for the info about NemID to MitId, and the Stormtrooper look great👍
Thanks!
More people should really see this video!
Just waiting for the beginner bugs to be fleshed out of the system and I’m gladly installing MitID.
Love your videos. I'm Swedish and moved from Stockholm to Winnetka, IL in 2009
The passport upgrade stuff is also really odd, all the banks have for the past couple of years by law had to positively identify their customers. And yet now MitID does the same but requires us to use a newer passport, which some of us don't actually have and it cost money to get a passport. I find it odd that the banks have not been involved in the "upgrade" process, as they would have verified the customer already.
Yaeh i don't like the passport thing because i don't have one and the other thing i don't like is the phone thing... I don't mix My bank stuff with my Phone...
Yeah, I'm unable to upgrade to MitNem due to not having a Passport or a Driver's License. Absolute nonsense!
@@Nico-zw9ud If you haven't got the proper documentation you cannot upgrade to mitID yourself, however, you can always go to Borgerservice and let them do the identification.
Thanks for the info. We are a long way behind Denmark here down under in Australia.Australia could learn a lot from Denmark.
If you have assembled LEGO since childhood, (as have many, many danes)it is probably easier to “read” and understand the instructions. I was expecting to see Finn at ay moment and now have an urge to watch the whole (amazing)story again. Good versus bad never goes out of style. Thank you for another great video. Happy Christmas to you all and the best wishes for a prosperous New Year.
This was an interesting watch.👍 I was wondering how you guy's cope with "our" infamous 'Gotham City' November weather?
Ha, not easy, but for how I just come up with new TH-cam ideas :).
I came last month to Denmark. I don't have NemId. Should I apply for NemId or should I just apply for MetId, since NemId is anyway decommissioned soon?
I still use NemID some places so probably best to have both.
Try the Lego stunt again, after 3 Juletuborg...like a danish dad.
Will you do a video on the municipal and regional elections?
We can’t vote yet so we hadn’t planned to.
@@TravelinYoungTypical! 😂😂😂
@@TravelinYoung As a non-EU foreigner, you can vote for municipal and regional elections (like the one we just had) when you have lived here for four years (without interruption). You cannot vote for parliamentary elections until you become a Danish citizen.
@@TravelinYoung Good wait to I run for mayor 😂
Yes I know, but we haven't been here 4 years yet.
My good colleague here in Denmark won Legomasters 2021 🇩🇰 I could ask him to help you with future Lego projects 😅
Sweet!! Super cool.
@@TravelinYoung hope you read my edit 😁
@@MostlyDrones cool, just saw it! Perhaps, I’m sure we could come up with some stuff down the line :).
I'm looking forward to MitID
...it's going to be great! 🤎
The Stormtropper is cool!
Fun Try it on Tuesday, Josh 🤣
hello from Hundested 🌸🌱
Wait Joshua! - Wheres is your hat?
Haha, it took a day off :).
Informative topic 👍🌟
fun fact: lego is short for "leg godt" meaning "play well" but incidentally and totally by accident lego is also a latin word meaning "I build"
Have you guys ever read the book Beneath The Neon Egg? It is an Expat, who writes about HIS experience with Copenhagen and the Danes. 🙂
Here is a happy Dane, got answers about MitID. Du leger godt :D
Question what would be the best way in first steps to try and get mid ID in the United States I like the idea of security considering me and my wife have both gone through near identity theft and we’ve had our bank account hacked at least once which caused a huge headache
You should try going to sourth jylland and vestjylland. Thats basically like the Texas off Danmark. You should also check out Bornholm
I need to send an email with nemid but i don't know how
You should make a Playlist for digital Denmark.
LOL!! Just noticed that your not wearing a Hat. Have you gone rogue 😒 ? Again, this is one of your videos, I shared on my FB. PS: Yeah yeah! We notice the "Pin" 👍😀👍 !
I just like keeping people on their toes :).
It's amazing that such an essential application like this - basically controls your ability to see and move finances - is so woefully bad. From constant crashing to a doom loop of having to start all over again if something goes wrong I've never seen something this bad. If you are going to replace something that kind of worked (NEMID) with something that doesn't, shut people out of their bank accounts at least admit there is something wrong with it. I think I'll have to go back to literally calling my bank to see what the balance is and pulling cash out to pay for things.
Thanks for the super informative video as always. I’m not personally sold yet on the new MitID, as it appears to be too simple. My lazy side wants it, as to drop the NemID ‘key card’ hassle, but it was the ‘hassle’ side of it that made me feel secure that nobody could both know my last four digits of my CPR number, and have my ‘key card’. It was a step too far for ‘easy theft’, and hence always in the secure zone. Maybe I’ve missed something about the new MitID card though? Let’s see how it pans out.
Thanks! I believe you can get a key fob if you feel the phone app isn’t secure enough, that would simulate the physical card like with NemID. I also think setting a user ID yourself is more secure than a CPR, which MitID requires.
@@TravelinYoung thanks for your reply. Yes, that would be a good solution. I am waiting to be told when it is my turn to make the change, so actually I am only just starting to look into it more in depth now, with your video as my starting point. I must say, what a great video and great channel you have. I've been following your channel for a few months now. It's good, it really is. Have a great day!
I fail to see how the new solution is more secure; the fact that the username is now a primary part of the auth scheme - that you can invoke an auth request call-back by only knowing this one thing, seems like a huge risk. The more obscure you make your username (mind you NOT your password) the more secure you are. You seem pretty well versed in IT Josh and in IT we typically call this way of designing stuff "security through obscurity" and its not a complement.
I agree. And there's another huge issue that I haven't heard that many talk about. The fact that they are now moving the username into the "do not tell to other people" space, will end up being a potential problem for other non-MitID related services. For years now we've been teaching people to keep their passwords secret. You should NEVER give your password to anyone, ever. But usernames are often asked for over the phone to reset a work account or other similar maintenance tasks. This is normal, and acceptable - as long as the password is kept secret. But as MitID is now putting that into question, the users will not know what to believe.
Since MitID will be such a widely used service we will probably see an uptick in confused employees thinking they should no longer tell the administrator their username so they can get their Citrix account serviced / restarted. It skews the whole username vs password security convention that we have worked so long to establish. Username ok to tell, password NOT ok to tell. Now suddenly usernames are secret too? But only some places. Then what places? Only MitID? Or maybe also other places?
Users will probably get confused about this and scammers might benefit from it. It won't take a lot of convincing to scam elderly people into thinking that telling their password is now ok, since it's now the username that's secret. All they have to do is point to MitID and say "That's how it is now".
As a computer science student I'm one of the few people who never switched from the physical NemID card to the app. I like the idea of two-factor authentication being physical, as it's the only way I can truly KNOW that my data is safe. Anyone else feel the same way or am I crazy?
I don’t think so, but my phone is physical and I probably treat it better than I do our dog brisket :).
Getting into someone’s phone often means access to personal email, messaging, financial accounts, etc. So I don’t mind having my phone be the physical component of the 2 factor authentication as I would keep it closer to me than a code card or key fob.
Yaeh i don't like the idea of using my Phone for My bank stuff... It can be stolen... Break down and a lot of other things...
@hmmm - I feel the same way. The one and ONLY reason I have the app is because I couldn't pay for airplane tickets otherwise. I don't use my phone for my banking needs.
LEGO Building Instruction app is the way to go!
It exists? Or is it your idea 💡 for improvement?
I only switched to MitID a few days ago. But now I have an app on my phone to log into my bank account? Yeah I'm sorry but this ever increasing level of digitilasation doesn't impress me at all. You need two different devices, a laptop and a smartphone, to be able to log in to your accounts? With all the banks closing, people are forced onto digital solutions. It might not be a problem for you or me, but imagine being 80 years old and have to learn to use digital banking.
He didn't go into details of why it is more safe. With Nem ID you have your cpr no and a changing key no. With Mit ID you just have your password. Doesn't look more safe to me.. 🤨.
That’s exactly what I thought too. I liked the fact that NemID was awkward and a hassle for anyone wanting to steal or break your codes. MitID does appear at least to be too simple for theft etc.
You can have same login security with MitID if you wish by using a key fob. And your CPR isn’t a very secure login, much better to set a UserID yourself, which you do with MitID.
A lot of the security improvements are less on how you login and more with how the data moves through the backend as it authenticates a user.
@@TravelinYoung Partly true, but the problem is that 95% would use the same userid they use for all other online logins, and use a userid that is based on something personal and depending on the online service you use your userid might even be publicly visible to everyone else on that service. Making that type of userid even more unsecure than the CPR
@@CyberonDK
any suggestions?
@@ajwasp never use the same userid, and never use elements in them that you repeat from other userids. The problem would eventually be to remember the userid no matter what you do, this is would eventually led you to store it somewhere unsafe to be able to find it if you forget. I guess the only truly secure would be biometrics.
My first thought when I saw the video was, NO hat !!
That was a cool try it on Tuesday. With that Josh you just became Danish. Building LEGO is something every Dane grown up to do, and now you had your official baptizing in front of the nation of building LEGO. :P
There is a vital part of “Digital Denmark” even danes are not aware about. The National vacination database. It has been in place for many, many years, So when Covid-19 hit us, the infrastructure was allready there. Just add another Vaccine type to the system and go…. Holland for instance, did not have such system, and had design and implement it to keep track om the Vaccines, before they could start the vaccination rollout.
Still no hat - looking good :-D
First of..
Cool video, .. would have liked a demo for how to make the update, but its oki,
Then just a remark...
Whats up whit your breathing Johs, it sounds more and more for every video, like your having hard breathing.
Astma or smoking lungs...
Where is your hat?? :-)
Haha, it wasn’t a hat day, but it was back in today’s video :).
@@TravelinYoung
I saw it yesterday. Thanks for some great videos that I am in the process of watching. You are such a lovely family and your parents look so kind. I promise you will be allowed to keep your hat on if you and your family visit me, my husband and our two dogs and a single cat.😄 🇩🇰 🇩🇰 🇩🇰
Introducing an extra way to attack a system is _less_ secure and software is always vulnerable especially when it's decentralized as an app on your phone (they already had blunders pointed out to them). You have to make an active decision to e.g. photograph your codes or something to make NemID insecure. With MitID that is no longer the case.
NemID already had problems where people logged on at a library wifi,
In Norway its MinID.
I love the new MtID😍and i have thumb scan on my phone, so super easy access🥰 but.....online purchases are still in NemID.....😑 so ita sadly not 100% implemented yer tho lol
In Germany they are not into the digital era . Not in the same way like in Denmark. If the system are going down totally for a period of time . We are really fuckt up.
Germany are old school . Have it on paper .
how the h... it is 0930!!!
The small key fob should have been a credit card size device so that it fits well in the smallest of wallets! Else I would prefer the old paper card which does exactly that.
The point of it no longer being a piece of paper, is that people can't be fooled into copying it and sending that to bad actors.
@@bzdtemp Thank you captain obvious. My point is they could have made it credit card sized which is more practical, especially for those of us who carry credit card only wallets.
@@_-martin-_ Come on, like you are even gonna use anything but the app anyway.
The key token will only be something few people will acquire use and I would assume, that many will be liking that it fits well on a key chain which something credit card sized won't. Also personally I have never seen a key token that is credit card shaped, seems to me they would likely be more fragile than the usual ones.
I miss the hat 😂😏😉 another great video ☺️
Haha, thanks! My hat is still around, it will come and go depending on the topic or day :).
Elderly: my mother at 88 use Nem-ID BUT she uses it through ME. If it was up to her alone in the digital world she would be lost! Don’t believe all statistics! 🥺
Mener man stadig kan undgå NemID/MitID..er det usandt?
@@sole129 jeg ved det faktisk ikke. Man kan få fysisk post men undgå Nem-ID er nok svært. Jeg tør ikke sige det.
@@sole129 Man kan fravælge e-boks og stadig få tilsendt dokumenter fysisk til sin postkasse.
@@pHD77 Tak for det:) Men eboks er selvfølgelig ikke det hele og jeg har forståelse for at nogle finder hele konceptet svært.
I dont like MitID ... there is no wallet option like there is for NemID
Well as an 30 year old dane, I think I will team up with the elderly at the library 🤣
I’m danish living in the us, I spend so far 6 months trying to make the app work with no luck. If you notice the app has 1 star rating!!! It’s just not working Denmark!!!!
I've already forgot my name and password 😬
I've heard that instead of a two factor security it's just a damned password with MitID, if this is true, then it's not safer that NemID lol.
The only thing that makes it more secure is that you are not flashing your CPR number, and they are not storing your CPR number with the MitID either. So you have next to no chance of having your identity stolen by hackers attacking the servers.
If someone steals your phone and can go into the app, then you are not secured at all.
The main advantage is that MitID complies with EU regulation. NemID does not comply with current regulation.
@@TrashskillsRS - Aaah, well hackers can't use a CPR number for shit in reality. It's a crime for a business to let a customer identify themselves only with a CPR number, as far as I'm aware. And they have to prove that it was indeed you who engaged them in a deal. If you know someone's birthday, it's pretty easy to just go through the last four digits with brute force.
I am not buying that a selv though of userid is more sercure than the cpr id. The CPR Id requires that you locate documents with it on it, yes if you get hold of some documents or just our health card, it will be there, however most people will think of a similar unsecure userid, that would be related to easy obtainable information.
To add to that, and if you then give out some "rules" on how to create a unique id, you then have given the hacker a way to figure out what the most likely userid would be.
Remember that the author of the password rules Bill Burr actually regrets making them, because it turns out that they cause even more unsecure passwords to be made.
Agreed. This must be a misunderstanding. User ids are not meant to be secret, so there should be no element of security there.
Funny, i only hear Nem ID i never hear him say Mit ID. So its switch from Nem ID to Nem ID in my ears.. 🤔
I heard the other day, an IT-expert say the Mit-ID is no where near as safe as the Nem-ID.
Mit Id is super vulnerable, to protect yourself make sure not to swipe unless youre sure what you are doing, source critisism is important, just a head up, otherwise its pretty decent... :D Remember its under development
for at skifte fra nemid til mitid skal man have et pas, dette har jeg ikke så jeg kan ikke skifte
You can go to borgerservice and do it in person. I do not have a danish passport either and I changed without a problem.
Are you guys allowed to vote for today's election?
Not yet, you have to be here 4 years.
MitID is much less secure then NemID since they have effectively dropped a factor unless you choose an unguessable username. Since NemID's security wasn't great to begin with its a pretty bad direction we are going in unless you happen to be an IT criminal...
don't get too excited about danish healthcare, it sucks. My advice i would buy private health insurance
Sucks, compare to what? America
@@3goldfinger bad treatment of patient, because of bad money management in our state
@@jonas3619 What do you mean by "our state"?
@@3goldfinger Denmark/government
You should have asked him why MitId is run from Ukraine, that does not make me feel safe?!
It's the dumbest renaming ever!!