The most important Hungarian e-government sites – NAV (tax and customs administration), EESZT – (central health system), e.g. – login interface, the KAÜ (central administrative identification agent), better known as the Client Gate, can be accessed from the 3rd of June with the simplest two-factor user authentication solution developed by E-Group, using the time-based one-time password (TOTP).
The essence of two-factor authentication is that in addition to the traditional username/password, a time-limited code arriving on a mobile device must be entered to access the interface. Limited-time extra authentication almost eliminates the possibility of automated abuse, reduces the risk of accidental entry (and purchase), and also benefits service providers by requesting a new confirmation of a new entry, thereby reducing the possibility of complaints.
Two-factor authentication is already used in many places, but while previously the second factor was primarily SMS-based code, it was replaced by an open standard-based solution that most people could encounter while using the largest social networking site or the best-known email system. Several authentication applications can be downloaded to the mobile device, in addition to the recommended NISZ app, also the authenticator from Google or Microsoft can be used.
The advantage of using TOTP is that it is free, there is no well-known possible network delay for SMS and it is also easier to protect against malware than a one-time password to the SMS storage, which can be read by almost any mobile application. The downside to the solution is that it requires a mobile app, making it unavailable to feature phones.
Although the possibility of two-factor authentication has been technically created by E-Group for 7 years for the use of the KAÜ/Client Gate, it was still too new at that time, therefore the lack of user experience, the relatively small number of smart mobile devices, and the introduction of the NFC eID Document pushed into the background due to. However, the solution is now published, which is a significant step forward for the current and future systems (even applications of market participants) based on the Hungarian public administration.
E-Group’s identification solutions solve the authentication problems of many market players. A so-called challenge-response layer can be easily superimposed on the two-factor identification solution. IT systems that support know your customer processes are essential for any market player that identifies and screens its customers in terms of regulation, finance, taxation, and/or security. The complex identification solution offered primarily to financial institutions and banks can also be used in other segments where the approval of transactions or the initiation of electronic payment transactions may arise. This includes insurance companies, law firms, real estate agents, internet and mobile operators, online gambling market players, and even simpler web shops using regular virtual payment solutions.
The possibility of the simplest two-factor user authentication solution on the KAÜ/Client Gate login interface is also great news because more and more sensitive (e.g. health) data is available through the e-government site, the protection and security of which is an essential interest for all parties involved.
Hopefully, this secure solution will also bring more and more opportunities for citizens and/or institutional administration online, making everyday life easier.