Many users prefer convenience to security even with DigiD

Last month, the Dutch government published the report of its latest survey of electronic government. The report provided further evidence of the security and login paradox highlighted by our own survey of Trends in Online Security & e-Identity. Even if people recognise that a given login method is less secure, they will still use it if it's convenient.

84 per cent of logins don't involve 2FA

Data on DigiD and two-factor authentication (2FA) confirms that the vast majority of logins are single-factor. Dutch consumers regard DigiD as one of the most secure ways of logging in, especially if a second authentication factor is involved. Yet very few of them actually opt for 2FA: 84 per cent of DigiD logins are made using only one factor.

DigiD app has the biggest reach

What makes reluctance to use 2FA particularly surprising is that a DigiD app is readily available. In our mobile-dominated communications landscape, apps are the way of reaching a big audience. And the DigiD app has been the most widely installed Dutch government app since summer 2018, when 7.9 per cent of the public were found to have it on their phones. By the end of last year, the figure topped 10 per cent. Nevertheless, only 3 per cent of logins make use of the app. In other words, the app's popularity hasn't led to more secure login behaviour.

Ignorance and convenience

Part of the explanation is that a disproportionately large number of people accessing government services do so using PCs and laptops, rather than mobile devices. Another issue is that many people don't realise that they can use 2FA. Much of the problem, however, is that people simply prefer convenience. The use of 2FA is rarely mandatory, and single-factor authentication is less trouble.

Big gap between awareness and behaviour

DigiD is used mainly for accessing government services. Our research shows that a sizeable majority of consumers are aware of 2FA and want to use it; only 6 per cent of respondents described it as unnecessary. In practice, though, they rarely opt for 2FA. So there's a big gap between awareness and behaviour: consumers have the knowledge, but don't act on it.

Comments

  • Friday 11 October 2019

    About SIDN

    New series of 'When I grow up'

    later-als-ik-groot-ben-uitzending-tumbnail

    With support from SIDN

    Read more
  • Wednesday 11 September 2019

    Internet security

    Very last IPv4 addresses to be assigned later this year

    Thumb-red-stamp-on-a-white-background-sold-out

    RIPE NCC scrapes together address block remnants

    Read more
  • Monday 17 December 2018

    Knowledge

    IDnext and SIDN intensify collaboration

    Thumb-logo-IDnext

    Joint IDnext event will promote innovation in the field of digital identification

    Read more

Sorry

Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.