Many users prefer convenience to security even with DigiD

Last month, the Dutch government published the report of its latest survey of electronic government. The report provided further evidence of the security and login paradox highlighted by our own survey of Trends in Online Security & e-Identity. Even if people recognise that a given login method is less secure, they will still use it if it's convenient.

84 per cent of logins don't involve 2FA

Data on DigiD and two-factor authentication (2FA) confirms that the vast majority of logins are single-factor. Dutch consumers regard DigiD as one of the most secure ways of logging in, especially if a second authentication factor is involved. Yet very few of them actually opt for 2FA: 84 per cent of DigiD logins are made using only one factor.

DigiD app has the biggest reach

What makes reluctance to use 2FA particularly surprising is that a DigiD app is readily available. In our mobile-dominated communications landscape, apps are the way of reaching a big audience. And the DigiD app has been the most widely installed Dutch government app since summer 2018, when 7.9 per cent of the public were found to have it on their phones. By the end of last year, the figure topped 10 per cent. Nevertheless, only 3 per cent of logins make use of the app. In other words, the app's popularity hasn't led to more secure login behaviour.

Ignorance and convenience

Part of the explanation is that a disproportionately large number of people accessing government services do so using PCs and laptops, rather than mobile devices. Another issue is that many people don't realise that they can use 2FA. Much of the problem, however, is that people simply prefer convenience. The use of 2FA is rarely mandatory, and single-factor authentication is less trouble.

Big gap between awareness and behaviour

DigiD is used mainly for accessing government services. Our research shows that a sizeable majority of consumers are aware of 2FA and want to use it; only 6 per cent of respondents described it as unnecessary. In practice, though, they rarely opt for 2FA. So there's a big gap between awareness and behaviour: consumers have the knowledge, but don't act on it.



Michiel Henneke

Marketing manager

+31 26 352 55 00

  • Wednesday 31 January 2018

    About SIDN

    Fault update: DRS and Whois available again

    The problems have now been resolved

    Read more
  • Tuesday 3 October 2017

    About SIDN

    Key relay: keeping the DNSSEC chain intact during transfers


    An internet standard developed by SIDN

    Read more
  • Tuesday 25 June 2019

    SIDN Labs

    Increasing use of algorithm 13 for DNSSEC signing


    .nl chart of the month; a closer look at the charts on

    Read more


Your browser is too old to optimally experience this website. Upgrade your browser to improve your experience.