PIN codes are private and should not be shared with anyone else. All transactions made with Smart-ID are legally binding, so it is very important that you keep your PIN codes safe:
- when setting up your account, choose PIN1 and PIN2 codes that would be easy for you to remember without having to write them down
- don’t share your PIN codes with other people, even family members
- your PIN codes are not stored anywhere within our system – they can’t be changed and there is no “password reminder” if you forget them
During each Smart-ID transaction, the PIN you enter is used to decrypt the key share stored inside the Smart-ID app. The result is sent to the server, which then mathematically applies its own share of the cryptographic key. If the entered PIN is correct, the result is a valid signature. Smart-ID is built so that attackers who get hold of your mobile device cannot mount a brute-force attack and run through all possible PIN combinations. If they try, the Smart-ID server locks the certificate and prevents the attack.
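The flow described above, as an added Python sketch that is not Smart-ID's own code: it assumes a toy RSA key split additively between device and server, and the names `enroll`, `client_partial`, `Server` and the three-failure threshold are hypothetical. It shows why PIN guesses can only be checked by the server, which counts failures and locks.

```python
import hashlib
import secrets

# Toy RSA key (constructed): two Mersenne primes, far too small for real use.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)
MAX_FAILURES = 3  # assumed lockout threshold for this sketch

def pin_mask(pin: str) -> int:
    # Any PIN yields a well-formed mask, so the device alone cannot tell a
    # right guess from a wrong one. Salt and iteration count are constructed.
    key = hashlib.pbkdf2_hmac("sha256", pin.encode(), b"constructed-salt", 1000)
    return int.from_bytes(key, "big") % PHI

def enroll(pin: str):
    """Split D additively; return (PIN-masked device blob, server share)."""
    client_share = secrets.randbelow(PHI)
    server_share = (D - client_share) % PHI
    return (client_share + pin_mask(pin)) % PHI, server_share

def client_partial(device_blob: int, pin: str, digest: int) -> int:
    """Unmask the device share with the entered PIN and apply it to the digest."""
    share = (device_blob - pin_mask(pin)) % PHI
    return pow(digest, share, N)

class Server:
    def __init__(self, server_share: int):
        self.share, self.failures, self.locked = server_share, 0, False

    def complete(self, digest: int, partial: int):
        """Apply the server share; return the signature, or None if invalid or locked."""
        if self.locked:
            return None
        sig = (partial * pow(digest, self.share, N)) % N
        if pow(sig, E, N) == digest:  # only the combined result can be verified
            self.failures = 0
            return sig
        self.failures += 1
        self.locked = self.failures >= MAX_FAILURES
        return None

def digest_of(message: bytes) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N
```

Once the server has locked, even the correct PIN no longer produces a signature, which is what stops an attacker holding the device from enumerating PINs.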