HU

Common to Users and Service Providers

What is GoodID?

GoodID is a mobile based, zero-knowledge Identity Provider (IdP) service and framework, incorporating both user authentication and identification, where the security level of authentication and the trustworthiness of identification are highly scalable. It stands for a mobile application, a zero-knowledge data transmission service and an SDK for its easier integration at online Service Providers. More simply, it solves the password and registration problems at once. GoodID is not only a brand-new solution but it also creates a new category of user identification having the optimal balance of user experience and security.

What is Identity Profile in GoodID?

In real and virtual life we have several different roles or identities. In GoodID, an identity profile is a collection of data concerning a role or identity. For example, in your private life you use your private e-mail address, or phone number, but in your workplace, you will use an other e-mail address or phone number.  With your identity profiles, you can manage your data in a transparent and simple way and you can decide which data you share with providers to protect your privacy.

What is the difference between GoodID and social logins like Facebook, Google+, Twitter, LinkedIn, etc.?

The user experience of GoodID and social logins are very similar in that the user can access online services in a fast and convenient way.

The main differences are the following:

  • GoodID incorporates secure multi-factor authentication implemented on the mobile device.
  • GoodID provides zero-knowledge IdP service. GoodID backend service is only responsible for data transmission. It does not store or even see user data; all data are stored only on the mobile and securely encrypted  during the transfer between the mobile and the service provider. E.g. Facebook is not a zero-knowledge solution.
  • In case of GoodID, the service provider can entirely control which kind of data to be requested from the user. They can be mandatory and optional claims to be consistent with the legacy registration form. E.g. Facebook does not support email address as a mandatory claim and delivery address at all.
  • In case of GoodID, the user can entirely control which data to be shared by the service provider. E.g. Facebook shares at least the public profile (user ID, name, profile picture, cover photo, gender, networks like school and workplace, age range, language and country) or more data.
  • GoodID protects user's privacy by generating a different User ID for each service provider, so called pairwise identifiers. E.g. Facebook shares the same User ID with all service providers.
  • GoodID is scalable in terms of the security level of authentication and identification. Social logins are not.
  • GoodID supports offline identification. Social logins do not.

What is the difference between GoodID and password managers like LastPass, 1Password, KeePass, etc.?

Password managers make using passwords easier, GoodID has an entirely different scope:

  • Passwords managers do not cover identification. On the contrary, GoodID also provides user identification during authentication. So, user registration to websites is much faster and more convenient.
  • GoodID does not help password usage, but it avoids using passwords. It provides higher level of security based on strong cryptography and multi-factor authentication.
  • GoodID protects against various attacks like man-in-the-middle and phishing.
  • GoodID supports offline identification.
  • GoodID must be integrated into the web sites in a similar way to social logins, while password managers have to be installed on each device and browser.
  • GoodID basically supports all browsers on all platforms in the same way. Password managers are implemented as browser plugins which are not equally supported by browsers, especially on mobile platforms.

What is the difference between GoodID and OTP based user authentication?

OTP authenticators are used for two factor authentication (2FA) generating secret codes - using e.g. TOTP or HOTP algorithms according to RFC4226, RFC 6238 - which have to be entered into service provider's application as an extension of password based authentication. There are many different implementations of OTP like hardware tokens, SMS based solutions and mobile apps (e.g. Google Authenticator).

GoodID has an entirely different scope:

  • OTP authenticators do not cover identification. However, GoodID also provides user identification during authentication. So, user registration to web sites is much faster and more convenient.
  • GoodID does not strengthen password usage, but it avoids using passwords. There is no need to generate and enter codes during each authentication.
  • GoodID protects against various attacks like man-in-the-middle and real-time phishing.
  • GoodID supports offline identification.

What is the difference between GoodID and FIDO?

FIDO Alliance provides two different set of specifications U2F (Universal 2nd Factor) and UAF (Universal Authentication Framework) for secure authenticators. Both are based on asymmetric cryptography to replace passwords.

GoodID implements very similar cryptography to FIDO authenticators, the following are the main differences:

  • FIDO does not cover identification. However, GoodID provides user identification during authentication. So, user registration to web sites is much faster and more convenient.
  • GoodID follows OpenID Connect specifications.
  • GoodID provides recovery and revocation.
  • GoodID basically supports all browsers on all platforms in the same way. FIDO authenticators require browser plugin which is not equally supported by browsers, especially on mobile platforms.
  • GoodID supports offline identification.

How GoodID provides anonymity for you as an end-user?

In case of GoodID, the user can entirely control which data will be shared with the service provider. GoodID protects user's privacy as well by generating a different User ID for each service provider, so called pairwise identifiers. This solution provides non-traceability for you. Non-traceability means that your User IDs are different to every service provider so the different service providers cannot link your personal information, even if they are collaborating. It also means that if you have different identity profiles (one personal and one business profile for example) for the same service provider you still will be an entirely different entity for that service provider.

So, if you would like to login to a site where you want to stay completely anonym (do not want to provide even a nickname, user name or e-mail address) with GoodID this is perfectly possible. Of course, if the provider agrees as well.

What platforms are supported by GoodID?

GoodID mobile app is implemented on iOS 6+ and Android 4.3+.

Service providers can integrate GoodID into their web application and/or their mobile app. We provide JavaScript and PHP based SDKs for web applications and native SDKs for mobile apps.

How GoodID supports online user identification?

The user enters a web site clicking on "Sign in with GoodID" somewhere in the site, where other social login buttons are placed. A Sign-in request is immediately received on their mobile. Using GoodID app they confirm which data to share and accept the request by simply pressing a button (User Verification with PIN or Touch ID is conditional) and that's it, they will be logged in to the site.

Examples:

  • Sign in to a webshop sharing a little data without User Verification.
  • Sign in to a cloud storage provider sharing no data but with User Verification.
  • Sign in to a blog site using a nickname without User Verification.
  • Sign in to an insurance company using authentic personal data and User Verification.

Notes:

  • User Verification here refers to GoodID internal knowledge based or biometric verification methods.
  • The actual User Verification method applied depends on both, the user and the service provider.
  • When no User Verification is applied, still the actual authentication method can be one factor (something to have) or two factor depending on the lock screen setting of the mobile device (passcode, touch id, etc.)

How GoodID supports user-present identification?

User can identify himself with GoodID at a certain physical place to a service using an inexpensive GoodID sticker – with QR code or NFC – provided by the service provider. The authentication method is the same as in the online case, so service providers can identify their customers the same way as if they came online.

Examples:

  • Existing user - registered online - authenticates himself in the shop with GoodID to get loyalty discount.
  • Existing user - started shopping online - authenticates himself in the shop with GoodID to finish shopping. E.g. due to trying on the item.
  • Users authenticate themselves in the shop with GoodID to get electronic warranty. The service provider associates the electronic warranty document to the actual user’s account. In case of warranty event they are able to prove the exact purchase and so too the permission of the warranty. Essentially this means the user does not have to be an existing customer of the service provider yet.
  • User has registered to a bank online earlier. They authenticate themselves with GoodID in the bank's office or at a contracted identification partner for personal identification to make currency exchange.
  • User has previously rented an apartment online. They can unlock the door with GoodID when they arrive late night.
  • User has received a VIP ticket online. They can authenticate themselves using GoodID when arriving at the event.

What is Sign-in and Sign-up in GoodID

Within GoodID, Sign-in user experience is almost the same as "Sign-up", when the user enters to the actual site first time (in legacy case it is called registration). The main differences are that during Sign-up the Identity Profile has to be chosen and some mandatory data might have to be filled in if it is asked by the Service Provider and not filled yet within the chosen profile.

Why GoodID is more secure than current OTP based 2nd factor authentication methods.

Please see the details at “How LoAs (level of assurance) are handled by GoodID?” and “The business logic of my site requires higher assurance level of user identification at some points. How GoodID supports this?” parts.

It is also important that GoodID sends the sensitive personal data out-of-band. When you use a One-Time-Password authentication, you type in your own password and your One-Time-Password at the same user interface (in-band). Together with automatic origin verification, GoodID provides strong protection against phishing and man-in-the-middle attacks.

Who is behind this website?

ID&Trust’s core business is developing chip based electronic identity solutions like electronic passports and electronic ID cards. After many years of working on such projects with very high security requirements, we noticed one of the biggest vulnerabilities of these systems is getting people to use them properly. Chip cards, though highly secure, can be really inconvenient, as it’s yet another thing we have to carry around with us.

But then we had an idea - what if we take the same concept, but use it for something that everyone always has with them at all times? Thus, GoodID was born, using the same security concepts as smartcards but using your mobile phone instead of another token.

We’ve spent the last 2 years building GoodID in our top-secret security lab. We wanted to find a balance between high security and convenience and create something that everyone could use every day.

We are proud to say we are the first to the market with our concept of using the most secure elements of phones to act as security tokens for online browsing (there are a lot of lookalikes, but no one else is using as secure technologies as we are).

What does end-to-end security mean?

End-to-end security means that the end user’s personal data goes through an encrypted channel between the mobile app and the service provider – also called point-to-point encryption. It means as well that only the service provider has the key to open the encrypted personal information what the mobile app sends to the service provider.

To Users

How GoodID avoids using passwords?

We believe in a passwordless world. Passwords are impossible to remember and making life even more complicated. You only need your smartphone and we know it is with us all the time anyway. With the GoodID app on your phone, passwords become unnecessary as with one-click you can login or register at any site.

How GoodID protects my privacy?

GoodID is a zero-knowledge service to make sure that your data cannot be stolen from us. Your data is stored only on your smartphone and will be shared through an encrypted channel only with the service providers you accept. And only the personal data you agree to share with the service provider. What you share is completely transparent and easy to manage.

How GoodID protects my data stored in the app?

The GoodID app offers software and hardware based data security as well. In the case of software based security (at the LoA-1 to 3 levels) the special key opening the personal data on your phone at the service provider side is stored in our patented, own developed CryptoBox. At LoA-4 level, we use the Android (called Trusted Execution Environment (TEE)) and iOS (called Secure Enclave) smartphone’s hardware based data security. In this case the special key is stored in your device’s own hardware, not in our CryptoBox.

Why do I need GoodID PIN?

If you do not have a lock screen password, you need a PIN for the GoodID app to keep your personal data secure.

 

If you have a lock screen password and you use a PIN for GoodID as well you can protect your personal data with higher security. This could be especially useful if others know your lock screen password e.g. in your family or it is a too simple password. With using the GoodID PIN you do not need more complicated lock screen password.

 

If you use a strong lock screen password and a different GoodID PIN as well then for sure you are on the safe side. However, we do not recommend in any case to use the same password for your lock screen and for GoodID PIN. This will not help to secure your data but causes a more complicated use.

What does "Remember PIN length" mean?

There are two kinds of concepts when requesting a PIN:

1)      enter the specified number of characters correctly

2)      any number of characters must be entered correctly.

 

In the first case, PIN entry is faster, since you do not have to acknowledge the PIN input at the end by pressing OK, e.g. this is the iOS way. In the second case, when entering a PIN, it is not possible to know that exactly how many characters the PIN is, so the latter is safer, but after pressing the PIN, an extra OK key is also required. This method is used e.g. by most Android devices.

What does Autolock mean in Settings?

GoodID applies PIN or fingerprint for user verification. More complicated PIN means higher security, but more difficult to remember. We suggest to set a PIN having at least 8 letters and numbers and then use your fingerprint for log in, if your device supports Touch ID.

GoodID does not store your PIN anywhere. In case you forget your PIN use your PUK on your S.O.S page to set a new PIN.

 

Why backup is so important?

GoodID is a zero-knowledge service. This means that your data is not stored on our servers, but only on your mobile. That's why we offer you several options for secure automatic backups. If your backup is unavailable and your mobile will be damaged or lost, you will lose your GoodID registrations and data. Therefore, we recommend you to set up an easily accessible location for Auto Backup and place S.O.S Page to a safe but accessible place, which you may remember years later.

 

You can choose from multiple cloud providers for Automatically Backup. The most convenient way, if you choose GoodID servers for Auto Backup (default setting). Automatic Backup is instantly encrypted - with your Backup Key - even on your mobile, so nobody can access your data without your Backup Key. Having your Backup and Backup Key from the S.O.S Page you can restore your GoodID app within seconds.

 

Why should I generate an S.O.S page?

Several important codes are on the S.O.S page, which can help if you are in trouble with your GoodID app.

With your Backup Key you can restore your GoodID app from a Backup.

With Revocation Code you can revoke your lost or stolen GoodID app to make it unusable, just type your Revocation Code on www.goodid.net/revocation or read the corresponding QR into another GoodID app (e.g. on your new or on your friend's mobile).

With the PUK you can reset your PIN.

Make sure to put your GoodID S.O.S Page in a safe place but you can easily access it if needed. E.g. print it out, save it to a pendrive or the cloud; or send it to yourself by e-mail. In the latter two cases do not forget to encrypt the S.O.S Page pdf with a password.

Why should I use a password to protect my S.O.S Sheet?

If you want to store your electronic S.O.S page in a secure way, we provide a feature to protect it with a password. We do not store this password anywhere, so please do not forget it.

How do I recover my profiles if my phone is lost, damaged, stolen, etc.?

Bummer! We’re sure you have much more to worry about if you’ve lost your phone than securing all of your online accounts. If you’ve PIN-protected your GoodID app, even if someone else has your phone, all your secrets are safe. If you’ve set up a backup, you can quickly and simply restore all your account info to a new device and be back up and running securely in no time.

Do not forget to create and store the S.O.S. Page in a safe place where you can find it in the case you want to restore your data from a auto-backup.

My phone is lost or stolen but I have forgotten to set device passcode (or touch id, pattern, etc.) as well as PIN in GoodID. So, basically there was no protection on my device. How can I avoid to be impersonated the bad guy?

First step, you should use your revocation code and your stolen GoodID application will be unusable. But do not worry you can restore your data on your new phone.

Second step, with your backup you can completely restore your GoodID application in your new phone!

My browser stores my user name and password. Why should I use GoodID in this case?

In this context, GoodID helps to ease login to the same sites from different devices. Because like this you do not have to store your passwords on all the different devices you use (private phone, business phone, tablet, laptop, etc.) As well, if any of your data change (for example your address) you do not have to change it 

in every registration where you have your previous address. You do it only once in the GoodID app, and you are all set.

Is my smart phone a secure device to store all my sensitive data?

Your smartphone provides hardware based data security, see more details at “How GoodID protects my data stored in the app?” part.

If I already have a registration to a site which integrates GoodID later do I have to register again if I would like to use GoodID?

You do not need to register one more time. If the site uses email address as username you can just sign-in with GoodID than the provider will join to your existing account. Otherwise, login to the site first – where you have existing registration with the traditional login process – and after you are in, you click on the “sign in with GoodID” button and the system takes care of the rest.

If the answer is no for the previous question how does the process go?

Just click on the “sign in with GoodID” button and the system takes care of the rest.

What if I use my smartphone to shop online, not my laptop/PC? Can I use GoodID in this case as well?

GoodID absolutely supports omni-channel shopping. The user experience is quite the same on all devices (such as a smartphone, tablet or laptop).

What is the process of the e-mail verification?

If you provide your e-mail address in the GoodID app, we send a verification code to your inbox. Verify your e-mail address with one click on the verify button or just type the verification code into the GoodID app.

Why is e-mail verification good for me?

Most providers use e-mail verification process to ensure that there is no typo in the e-mail address, or to make sure the e-mail address is actually yours. With GoodID you have to do this process only once and then all GoodID providers accept your e-mail address as verified.

How do we handle your e-mail address?

Your e-mail address is only stored in your GoodID app, our servers delete your e-mail from our database after the verification e-mail has been sent. So, you do not have to worry about spam, or somebody stealing your e-mail address from us.

How can I reuse my profiles?

Your identity profiles are reusable. For example, webshops usually ask about the same personal data information. If you create a webshop profile, you can reuse it to login to every webshop you like with one-click. Same happens if you create a finance profile and you scan your e-ID. This profile with certified personal data can be used to login or register to any bank, insurance or FinTech company.

What does zero-knowledge service mean in GoodID?

Zero-knowledge means that GoodID does not store or save any personal data about you. You own your data, only your mobile device stores it. GoodID only transfers the personal data you agreed to share, between you and the provider while ensuring its highest safety.

Why do I have to pair my browser?

When you pair your phone and your browser, you open a secure communication link between them. After pairing is done, (you need to do this only once) GoodID app on your phone can be in contact with your browser when you sign in with GoodID to websites.

What does "I trust this browser" mean?

When you pair a browser with your mobile, you open a secure communication channel between them. If you trust the browser - e.g. because it is on your PC - you do not need to do pairing at every login.

Important to know, if you trust in the browser and you have set Convenient security level in GoodID app, you will not need your mobile to log in. So, think about trusting this browser accordingly.

E.g. if you are surfing in an internet coffee, or on your friend's laptop then do not check the browser as trustworthy. Logging in is still possible, but your data will be more secure.

What should I do, if I change my mind and I do not trust a browser anymore?

In the settings menu of GoodID app, there is a Paired browsers option. Here, you can manage your paired browsers, e.g. delete, or add a new one.

What does protect my data if there is no password in the „GoodID World”?

Your Touch ID / your GoodID PIN and some proprietary cryptographic keys protect your data on your phone. When you decide to share your data with a service provider your data is safe on the way with our military grading encryption technology.

If I delete the cookies from my browser do I have to pair my phone and my browser again?

Yes, in this case you need to pair your devices again.

If I login to a website every day or more than once a day does the request come to my phone every time?

If you login to a website very often you can use our convenient feature where you name a browser trusted and the request does not come to your phone every time, only every 20th or 30th time.

To Providers

In my webshop users can purchase without registration, what is the point of using GoodID?

Ensuring easy purchase for your users is crucial but not having a registration before purchase does not solve the problem. It makes impossible for you to reach the user and it cannot be identified if he comes back again. Even if you store all their data, it is a very good chance that they will give you different data during each transaction. It is also very frustrating for your customers to enter the same information every time they come back to your site.  This is a very serious business loss for your webshop. If you can provide a one-click login to your users with GoodID, it is a win-win situation for both parties.

How does GoodID support omni-channel sales?

The user experience of singing in with GoodID is quite the same on all channels (mobile, web browser, tablet, physically in the shop). The user can start for example a purchase process from his laptop at home with GoodID, continue on the bus with his mobile and finish it physically in the store. It is all totally easy with GoodID.

What is OAuth2 and OpenID Connect?

OpenID Connect is a simple identity layer on top of the OAuth 2.0, which is used by many Identity Providers such as Google and Facebook.

GoodID is an OpenID Connect compliant (http://openid.net/specs/openid-connect-core1_0.html) identification solution combined with multi-factor authentication, where the Identity Provider is actually the End User itself using GoodID App.

I would like to integrate GoodID to my site, what is the cost?

For early adopters, the core service is free for a long time, please call us for the details. The pricing structure is under preparation, but do not worry, it will be very competitive. Our business strategy is: little becomes much.

What is the easiest way to integrate GoodID to my site?

The front-end integration takes very short time, we usually call it 5-minute integration. If you go to goodid.net and register as a provider we send you the integration documents and the code what you should copy-paste to your site. This solves the GoodID app brings the end user’s personal information you requested to your front-end. It remains your task to save the received user information into your back-end, which by the way is not required, since GoodID transfers the requested most up-to-date end-user data on each sign-in. We also provide SDK with example code to help your back-end integration.

What are the options of GoodID integration?

There are 2 options to integrate GoodID, following OpenID Connect Implicit flow or Authorization Code flow. For more information please visit our support site for developers.

The business logic of my site requires higher assurance level of user identification at some points. How GoodID supports this?

GoodID follows international standards providing four LoAs depending on your business logic:

  • Low (LoA-1)

In this case the request does not sent to the end-user’s smartphone at every sign-in. This is what we call Convenient Authentication in the app.

  • Medium (LoA-2)

Authentication with one factor, i.e. something to have. It is the smartphone in this case. At LoA-2 the sign-in request goes to the phone every single time.

  • High (LoA-3)

On the top of LoA-2, knowledge based (PIN) or biometric User Verification is also required. So, after the end-user accepts the sing-in request on the phone, they must provide their PIN or touch ID as well.

  • Very high (LoA-4)

In the case of LoA-4 the authentication secret must be Trusted (true hardware based key, provided by the smart phone OS, see also TEE or Secure Enclave) to prohibit cloning. We recommend using LoA-4, if it is really necessary, since it does not allow the backup of authentication secrets within GoodID app at end-users’ smart phones. Our proprietary CryptoBox technology also provides very high security with better user experience.

On the top of LoA-4, end-users’ personal data can also be authentic, involving e-ID documents such as passport or e-ID card into the sign-up process. Combining it with our proprietary video based identification solution you can identify you customers at almost the same assurance level as user present identification.

The effective LoA level depends on both the end-user and the service provider statements. As a rule of thumb, always the strictest LoA level will be applied

Can I store my users' data as I did before the GoodID integration?

You can. However, our suggestion is not to do so. Since your site always receives the most up-to-date information about the user who has signed in with GoodID. The app protects user's privacy by generating a different User ID for each service provider, so called pairwise identifiers. You should store this unique User ID only, to be sure this user is a recurring one.

What user information do I receive from the GoodID app?

It depends on your needs. You can entirely customize the attributes (we call these claims following OpenID Connect) you request from your customers. Providing optional and mandatory claims, you can completely follow your existing business logic and registration form.

If I already have tons of registered users do I need to ask them to reregister with GoodID?

There are easy solutions for this issue. For example, if your existing user would like to switch to the login with GoodID option he first signs into the system with the traditional flow. Within the authenticated session he also can “Login with GoodID”, when you can store the User ID provided by GoodID into the same authenticated user account. This way your customer can either sign-in with GoodID or even by the legacy way if needed.

It is a recommended practice to call your end-users’s attention about using GoodID instead, in passport remainder / reset emails.

Other method is putting ‘email_verified’ claim having ‘essential = true’ in the authentication request. This way GoodID will provide guaranteed pre-verified email address value. So, on one hand you do not have to verify the received email address again, on the other hand you can join a new GoodID user with an existing one based on matching email addresses if any.

If I operate with 2 or more websites where users can login. Can GoodID handle this and how?

GoodID can handle Single Sign-On (SSO). If you would like to use this option, we won’t generate different User ID for each of your sites and all of your sites will receive the same User ID for the same user. So, you can easily link the users in your different systems.

What is GoodID’s value proposition if I am a webshop?

Our values to a webshop are:

  • You can authenticate your client without registration (all clients will be registered clients automatically)
  • New users, since all GoodID end-users will be your new potential user
  • Omnichannel sales (you can continue your shopping in any device, without registration however you as a webshop can identify your users)
  • Basket-leave will drastically decrease
  • High-tech user experience
  • World-wide innovative solution
  • Higher security to protect personal data (with less cost)
  • Easy and fast integration process

What is GoodID’s value proposition if I am a bank, insurance or FinTech company?

  • Our technology is more secure than most currently used authentication solution in the finance industry (such as one-time password, SMS authentication or token).
  • We provide trusted and certified personal data about the end users. How we do this? Our unique technology can import authentic data from e-identity cards (such as e-ID, passport, etc.) keeping Passive Authentication available on the imported data as well. So, the end-user does not have to be physically present at the place of the service, e.g. when opening a new account.
  • Secure data store: Our patented CryptoBox technology protects sensitive data with high security measures based on multiple security factors and strong cryptography. This is very similar technology we use in our chip-based solutions for the same reason.
  • The possibility of Single Sign-On (SSO): It is easy to link the existing users in different internal systems.
  • Automatic protection against phishing.
  • Scalable assurance levels based on the needs of the provider.
  • World-wide innovative solution
  • Higher security to protect personal data (with less cost)
  • Provides face-to-face (user present) identification consistent with online identification.
  • Build and improve the trust level of your clients.

Where can developers access GoodID?

If you visit our website and go to the “become a client” option. Please provide your data there and we will get back to you with the integration guide documentation

How does GoodID provide KYC (Know Your Customer)?

GoodID provides trusted and certified personal data about the end users. How we do this? Our unique technology can import authentic data from e-identity cards (such as e-ID, passport, etc.) keeping Passive Authentication available on the imported data as well. So, the end-user does not have to be physically present at the place of the service, e.g. when opening a new account. You just have to use GoodID and you are all set.

Why is this solution better for me than a social login?

  • Social logins are only partial solutions. They help the user to sign in with the same password they use to social login. After this login, they must provide their personal data – what is not known by the identity provider – on every website they enter over and over. So, the inconvenient data providing process does not change at all.
  • In case of GoodID, the provider can decide which data he wants to have as mandatory and which one as optional. Every necessary parameter will be handed over to the provider and no useless data will arrive.
  • GoodID is scalable in terms of the security level of authentication and identification, social logins are not.
  • GoodID supports offline identification in your store, social logins are not.

If I already have an own mobile app for my services can I integrate GoodID into it?

We plan to provide SDK for app integration soon. If you are interested get in touch with us for more information.

What kind of business benefits can the „Providers” menu offer me?

  • We generate new registered users for you: In the Providers menu, our partners are listed and all end users can browse and search for websites they have never used earlier. You, as a provider automatically reach out to this crowd and have the possibility that they will register to your site.
  • You can advertise special deals: Through the Providers menu you can promote any special deal to generate more traffic to your site and drive your revenue performance.

    GoodID FAQ

    Common to Users and Service Providers

    What is GoodID?

    GoodID is a mobile based, zero-knowledge Identity Provider (IdP) service and framework, incorporating both user authentication and identification, where the security level of authentication and the trustworthiness of identification are highly scalable. It stands for a mobile application, a zero-knowledge data transmission service and an SDK for its easier integration at online Service Providers. More simply, it solves the password and registration problems at once. GoodID is not only a brand-new solution but it also creates a new category of user identification having the optimal balance of user experience and security.

    What is Identity Profile in GoodID?

    In real and virtual life we have several different roles or identities. In GoodID, an identity profile is a collection of data concerning a role or identity. For example, in your private life you use your private e-mail address, or phone number, but in your workplace, you will use an other e-mail address or phone number.  With your identity profiles, you can manage your data in a transparent and simple way and you can decide which data you share with providers to protect your privacy.

    What is the difference between GoodID and social logins like Facebook, Google+, Twitter, LinkedIn, etc.?

    The user experience of GoodID and social logins are very similar in that the user can access online services in a fast and convenient way.

    The main differences are the following:

    • GoodID incorporates secure multi-factor authentication implemented on the mobile device.
    • GoodID provides zero-knowledge IdP service. GoodID backend service is only responsible for data transmission. It does not store or even see user data; all data are stored only on the mobile and securely encrypted during the transfer between the mobile and the service provider. E.g. Facebook is not a zero-knowledge solution.
    • In case of GoodID, the service provider can entirely control which kind of data to be requested from the user. They can be mandatory and optional claims to be consistent with the legacy registration form. E.g. Facebook does not support email address as a mandatory claim and delivery address at all.
    • In case of GoodID, the user can entirely control which data to be shared by the service provider. E.g. Facebook shares at least the public profile (user ID, name, profile picture, cover photo, gender, networks like school and workplace, age range, language and country) or more data.
    • GoodID protects user's privacy by generating a different User ID for each service provider, so called pairwise identifiers. E.g. Facebook shares the same User ID with all service providers.
    • GoodID is scalable in terms of the security level of authentication and identification. Social logins are not.
    • GoodID supports offline identification. Social logins do not.

    What is the difference between GoodID and password managers like LastPass, 1Password, KeePass, etc.?

    Password managers make using passwords easier, GoodID has an entirely different scope:

    • Passwords managers do not cover identification. On the contrary, GoodID also provides user identification during authentication. So, user registration to websites is much faster and more convenient.
    • GoodID does not help password usage, but it avoids using passwords. It provides higher level of security based on strong cryptography and multi-factor authentication.
    • GoodID protects against various attacks like man-in-the-middle and phishing.
    • GoodID supports offline identification.
    • GoodID must be integrated into the web sites in a similar way to social logins, while password managers have to be installed on each device and browser.
    • GoodID basically supports all browsers on all platforms in the same way. Password managers are implemented as browser plugins which are not equally supported by browsers, especially on mobile platforms.

    What is the difference between GoodID and OTP based user authentication?

    OTP authenticators are used for two factor authentication (2FA) generating secret codes - using e.g. TOTP or HOTP algorithms according to RFC4226, RFC 6238 - which have to be entered into service provider's application as an extension of password based authentication. There are many different implementations of OTP like hardware tokens, SMS based solutions and mobile apps (e.g. Google Authenticator).

    GoodID has an entirely different scope:

    • OTP authenticators do not cover identification. However, GoodID also provides user identification during authentication. So, user registration to web sites is much faster and more convenient.
    • GoodID does not strengthen password usage, but it avoids using passwords. There is no need to generate and enter codes during each authentication.
    • GoodID protects against various attacks like man-in-the-middle and real-time phishing.
    • GoodID supports offline identification.

    What is the difference between GoodID and FIDO?

    FIDO Alliance provides two different set of specifications U2F (Universal 2nd Factor) and UAF (Universal Authentication Framework) for secure authenticators. Both are based on asymmetric cryptography to replace passwords.

    GoodID implements very similar cryptography to FIDO authenticators, the following are the main differences:

    • FIDO does not cover identification. However, GoodID provides user identification during authentication. So, user registration to web sites is much faster and more convenient.
    • GoodID follows OpenID Connect specifications.
    • GoodID provides recovery and revocation.
    • GoodID basically supports all browsers on all platforms in the same way. FIDO authenticators require browser plugin which is not equally supported by browsers, especially on mobile platforms.
    • GoodID supports offline identification.

    How GoodID provides anonymity for you as an end-user?

    In case of GoodID, the user can entirely control which data will be shared with the service provider. GoodID protects user's privacy as well by generating a different User ID for each service provider, so called pairwise identifiers. This solution provides non-traceability for you. Non-traceability means that your User IDs are different to every service provider so the different service providers cannot link your personal information, even if they are collaborating. It also means that if you have different identity profiles (one personal and one business profile for example) for the same service provider you still will be an entirely different entity for that service provider.

    So, if you would like to login to a site where you want to stay completely anonym (do not want to provide even a nickname, user name or e-mail address) with GoodID this is perfectly possible. Of course, if the provider agrees as well.

    What platforms are supported by GoodID?

    GoodID mobile app is implemented on iOS 6+ and Android 4.3+.

    Service providers can integrate GoodID into their web application and/or their mobile app. We provide JavaScript and PHP based SDKs for web applications and native SDKs for mobile apps.

    How GoodID supports online user identification?

    The user enters a web site clicking on "Sign in with GoodID" somewhere in the site, where other social login buttons are placed. A Sign-in request is immediately received on their mobile. Using GoodID app they confirm which data to share and accept the request by simply pressing a button (User Verification with PIN or Touch ID is conditional) and that's it, they will be logged in to the site.

    Examples:

    • Sign in to a webshop sharing a little data without User Verification.
    • Sign in to a cloud storage provider sharing no data but with User Verification.
    • Sign in to a blog site using a nickname without User Verification.
    • Sign in to an insurance company using authentic personal data and User Verification.

    Notes:

    • User Verification here refers to GoodID internal knowledge based or biometric verification methods.
    • The actual User Verification method applied depends on both, the user and the service provider.
    • When no User Verification is applied, still the actual authentication method can be one factor (something to have) or two factor depending on the lock screen setting of the mobile device (passcode, touch id, etc.)

    How GoodID supports user-present identification?

    User can identify himself with GoodID at a certain physical place to a service using an inexpensive GoodID sticker – with QR code or NFC – provided by the service provider. The authentication method is the same as in the online case, so service providers can identify their customers the same way as if they came online.

    Examples:

    • Existing user - registered online - authenticates himself in the shop with GoodID to get loyalty discount.
    • Existing user - started shopping online - authenticates himself in the shop with GoodID to finish shopping. E.g. due to trying on the item.
    • Users authenticate themselves in the shop with GoodID to get electronic warranty. The service provider associates the electronic warranty document to the actual user’s account. In case of warranty event they are able to prove the exact purchase and so too the permission of the warranty. Essentially this means the user does not have to be an existing customer of the service provider yet.
    • User has registered to a bank online earlier. They authenticate themselves with GoodID in the bank's office or at a contracted identification partner for personal identification to make currency exchange.
    • User has previously rented an apartment online. They can unlock the door with GoodID when they arrive late night.
    • User has received a VIP ticket online. They can authenticate themselves using GoodID when arriving at the event.

    What is Sign-in and Sign-up in GoodID

    Within GoodID, Sign-in user experience is almost the same as "Sign-up", when the user enters to the actual site first time (in legacy case it is called registration). The main differences are that during Sign-up the Identity Profile has to be chosen and some mandatory data might have to be filled in if it is asked by the Service Provider and not filled yet within the chosen profile.

    Why GoodID is more secure than current OTP based 2nd factor authentication methods.

    Please see the details at “How LoAs (level of assurance) are handled by GoodID?” and “The business logic of my site requires higher assurance level of user identification at some points. How GoodID supports this?” parts.

    It is also important that GoodID sends the sensitive personal data out-of-band. When you use a One-Time-Password authentication, you type in your own password and your One-Time-Password at the same user interface (in-band). Together with automatic origin verification, GoodID provides strong protection against phishing and man-in-the-middle attacks.

    Who is behind this website?

    ID&Trust’s core business is developing chip based electronic identity solutions like electronic passports and electronic id cards. After many years of working on such projects with very high security requirements, we noticed one of the biggest vulnerabilities of these systems is getting people to use them properly. Chip cards, though highly secure, can be really inconvenient, as it’s yet another thing we have to carry around with us.

    But then we had an idea - what if we take the same concept, but use it for something that everyone always has with them at all times? Thus, GoodID was born, using the same security concepts as smartcards but using your mobile phone instead of another token.

    We’ve spent the last 2 years building GoodID in our top-secret security lab. We wanted to find a balance between high security and convenience and create something that everyone could use every day.

    We are proud to say we are the first to the market with our concept of using the most secure elements of phones to act as security tokens for online browsing (there are a lot of lookalikes, but no one else is using as secure technologies as we are).

    What does end-to-end security mean?

    End-to-end security means that the end user’s personal data goes through an encrypted channel between the mobile app and the service provider – also called point-to-point encryption. It means as well that only the service provider has the key to open the encrypted personal information what the mobile app sends to the service provider.

    To Users

    How GoodID avoids using passwords?

    We believe in a passwordless world. Passwords are impossible to remember and making life even more complicated. You only need your smartphone and we know it is with us all the time anyway. With the GoodID app on your phone, passwords become unnecessary as with one-click you can login or register at any site.

    How GoodID protects my privacy?

    GoodID is a zero-knowledge service to make sure that your data cannot be stolen from us. Your data is stored only on your smartphone and will be shared through an encrypted channel only with the service providers you accept. And only the personal data you agree to share with the service provider. What you share is completely transparent and easy to manage.

    How GoodID protects my data stored in the app?

    The GoodID app offers software and hardware based data security as well. In the case of software based security (at the LoA-1 to 3 levels) the special key opening the personal data on your phone at the service provider side is stored in our patented, own developed CryptoBox. At LoA-4 level, we use the Android (called Trusted Execution Environment (TEE)) and iOS (called Secure Enclave) smartphone’s hardware based data security. In this case the special key is stored in your device’s own hardware, not in our CryptoBox.

    Why do I need GoodID PIN?

    If you do not have a lock screen password, you need a PIN for the GoodID app to keep your personal data secure.

     

    If you have a lock screen password and you use a PIN for GoodID as well you can protect your personal data with higher security. This could be especially useful if others know your lock screen password e.g. in your family or it is a too simple password. With using the GoodID PIN you do not need more complicated lock screen password.

     

    If you use a strong lock screen password and a different GoodID PIN as well then for sure you are on the safe side. However, we do not recommend in any case to use the same password for your lock screen and for GoodID PIN. This will not help to secure your data but causes a more complicated use.

    What does Remember PIN length mean?

    There are two kinds of concepts when requesting a PIN:

    1)      enter the specified number of characters correctly

    2)      any number of characters must be entered correctly.

     

    In the first case, PIN entry is faster, since you do not have to acknowledge the PIN input at the end by pressing OK, e.g. this is the iOS way. In the second case, when entering a PIN, it is not possible to know that exactly how many characters the PIN is, so the latter is safer, but after pressing the PIN, an extra OK key is also required. This method is used e.g. by most Android devices.

    What does Autolock mean in Settings?

    GoodID applies PIN or fingerprint for user verification. More complicated PIN means higher security, but more difficult to remember. We suggest to set a PIN having at least 8 letters and numbers and then use your fingerprint for log in, if your device supports Touch ID.

    GoodID does not store your PIN anywhere. In case you forget your PIN use your PUK on your S.O.S page to set a new PIN.

     

    Why backup is so important?

    GoodID is a zero-knowledge service. This means that your data is not stored on our servers, but only on your mobile. That's why we offer you several options for secure automatic backups. If your backup is unavailable and your mobile will be damaged or lost, you will lose your GoodID registrations and data. Therefore, we recommend you to set up an easily accessible location for Auto Backup and place S.O.S Page to a safe but accessible place, which you may remember years later.

     

    You can choose from multiple cloud providers for Automatically Backup. The most convenient way, if you choose GoodID servers for Auto Backup (default setting). Automatic Backup is instantly encrypted - with your Backup Key - even on your mobile, so nobody can access your data without your Backup Key. Having your Backup and Backup Key from the S.O.S Page you can restore your GoodID app within seconds.

     

    Why should I generate an S.O.S page?

    Several important codes are on the S.O.S page, which can help if you are in trouble with your GoodID app.

    With your Backup Key you can restore your GoodID app from a Backup.

    With Revocation Code you can revoke your lost or stolen GoodID app to make it unusable, just type your Revocation Code on www.goodid.net/revocation or read the corresponding QR into another GoodID app (e.g. on your new or on your friend's mobile).

    With the PUK you can reset your PIN.

    Make sure to put your GoodID S.O.S Page in a safe place but you can easily access it if needed. E.g. print it out, save it to a pendrive or the cloud; or send it to yourself by e-mail. In the latter two cases do not forget to encrypt the S.O.S Page pdf with a password.

     

    Why should I use a password to protect my S.O.S Sheet?

    If you want to store your electronic S.O.S page in a secure way, we provide a feature to protect it with a password. We do not store this password anywhere, so please do not forget it.

    How do I recover my profiles if my phone is lost, damaged, stolen, etc.?

    Bummer! We’re sure you have much more to worry about if you’ve lost your phone than securing all of your online accounts. If you’ve PIN-protected your GoodID app, even if someone else has your phone, all your secrets are safe. If you’ve set up a backup, you can quickly and simply restore all your account info to a new device and be back up and running securely in no time.

    Do not forget to create and store the S.O.S. Page in a safe place where you can find it in the case you want to restore your data from a auto-backup.

    My phone is lost or stolen but I have forgotten to set device passcode (or touch id, pattern, etc.) as well as PIN in GoodID. So, basically there was no protection on my device. How can I avoid to be impersonated the bad guy?

    First step, you should use your revocation code and your stolen GoodID application will be unusable. But do not worry you can restore your data on your new phone.

    Second step, with your backup you can completely restore your GoodID application in your new phone!

    My browser stores my user name and password. Why should I use GoodID in this case?

    In this context, GoodID helps to ease login to the same sites from different devices. Because like this you do not have to store your passwords on all the different devices you use (private phone, business phone, tablet, laptop, etc.) As well, if any of your data change (for example your address) you do not have to change it in every registration where you have your previous address. You do it only once in the GoodID app, and you are all set.

    Is my smart phone a secure device to store all my sensitive data?

    Your smartphone provides hardware based data security, see more details at “How GoodID protects my data stored in the app?” part.

    If I already have a registration to a site which integrates GoodID later do I have to register again if I would like to use GoodID?

    You do not need to register one more time. If the site uses email address as username you can just sign-in with GoodID than the provider will join to your existing account. Otherwise, login to the site first – where you have existing registration with the traditional login process – and after you are in, you click on the “sign in with GoodID” button and the system takes care of the rest.

    If the answer is no for the previous question how does the process go?

    Just click on the “sign in with GoodID” button and the system takes care of the rest.

    What if I use my smartphone to shop online, not my laptop/PC? Can I use GoodID in this case as well?

    GoodID absolutely supports omni-channel shopping. The user experience is quite the same on all devices (such as a smartphone, tablet or laptop).

    What is the process of the e-mail verification?

    If you provide your e-mail address in the GoodID app, we send a verification code to your inbox. Verify your e-mail address with one click on the verify button or just type the verification code into the GoodID app.

    Why is e-mail verification good for me?

    Most providers use e-mail verification process to ensure that there is no typo in the e-mail address, or to make sure the e-mail address is actually yours. With GoodID you have to do this process only once and then all GoodID providers accept your e-mail address as verified.

    How do we handle your e-mail address?

    Your e-mail address is only stored in your GoodID app, our servers delete your e-mail from our database after the verification e-mail has been sent. So, you do not have to worry about spam, or somebody stealing your e-mail address from us.

    How can I reuse my profiles?

    Your identity profiles are reusable. For example, webshops usually ask about the same personal data information. If you create a webshop profile, you can reuse it to login to every webshop you like with one-click. Same happens if you create a finance profile and you scan your e-ID. This profile with certified personal data can be used to login or register to any bank, insurance or FinTech company.

    What does zero-knowledge service mean in GoodID?

    Zero-knowledge means that GoodID does not store or save any personal data about you. You own your data, only your mobile device stores it. GoodID only transfers the personal data you agreed to share, between you and the provider while ensuring its highest safety.

    Why do I have to pair my browser?

    When you pair your phone and your browser, you open a secure communication link between them. After pairing is done, (you need to do this only once) GoodID app on your phone can be in contact with your browser when you sign in with GoodID to websites.

    What does "I trust this browser" mean?

    When you pair a browser with your mobile, you open a secure communication channel between them. If you trust the browser - e.g. because it is on your PC - you do not need to do pairing at every login.

    Important to know, if you trust in the browser and you have set Convenient security level in GoodID app, you will not need your mobile to log in. So, think about trusting this browser accordingly.

    E.g. if you are surfing in an internet coffee, or on your friend's laptop then do not check the browser as trustworthy. Logging in is still possible, but your data will be more secure.

    What should I do, if I change my mind and I do not trust a browser anymore?

    In the settings menu of GoodID app, there is a Paired browsers option. Here, you can manage your paired browsers, e.g. delete, or add a new one.

     

    What does protect my data if there is no password in the „GoodID World”?

    Your Touch ID / your GoodID PIN and some proprietary cryptographic keys protect your data on your phone. When you decide to share your data with a service provider your data is safe on the way with our military grading encryption technology.

    If I delete the cookies from my browser do I have to pair my phone and my browser again?

    Yes, in this case you need to pair your devices again.

    If I login to a website every day or more than once a day does the request come to my phone every time?

    If you login to a website very often you can use our convenient feature where you name a browser trusted and the request does not come to your phone every time, only every 20th or 30th time.

    To Providers

    In my webshop users can purchase without registration, what is the point of using GoodID?

    Ensuring easy purchase for your users is crucial but not having a registration before purchase does not solve the problem. It makes impossible for you to reach the user and it cannot be identified if he comes back again. Even if you store all their data, it is a very good chance that they will give you different data during each transaction. It is also very frustrating for your customers to enter the same information every time they come back to your site.  This is a very serious business loss for your webshop. If you can provide a one-click login to your users with GoodID, it is a win-win situation for both parties.

    How does GoodID support omni-channel sales?

    The user experience of singing in with GoodID is quite the same on all channels (mobile, web browser, tablet, physically in the shop). The user can start for example a purchase process from his laptop at home with GoodID, continue on the bus with his mobile and finish it physically in the store. It is all totally easy with GoodID.

    What is OAuth2 and OpenID Connect?

    OpenID Connect is a simple identity layer on top of the OAuth 2.0, which is used by many Identity Providers such as Google and Facebook.

    GoodID is an OpenID Connect compliant (http://openid.net/specs/openid-connect-core1_0.html) identification solution combined with multi-factor authentication, where the Identity Provider is actually the End User itself using GoodID App.

    I would like to integrate GoodID to my site, what is the cost?

    For early adopters, the core service is free for a long time, please call us for the details. The pricing structure is under preparation, but do not worry, it will be very competitive. Our business strategy is: little becomes much.

    What is the easiest way to integrate GoodID to my site?

    The front-end integration takes very short time, we usually call it 5-minute integration. If you go to goodid.net and register as a provider we send you the integration documents and the code what you should copy-paste to your site. This solves the GoodID app brings the end user’s personal information you requested to your front-end. It remains your task to save the received user information into your back-end, which by the way is not required, since GoodID transfers the requested most up-to-date end-user data on each sign-in. We also provide SDK with example code to help your back-end integration.

    What are the options of GoodID integration?

    There are 2 options to integrate GoodID, following OpenID Connect Implicit flow or Authorization Code flow. For more information please visit our support site for developers.

    The business logic of my site requires higher assurance level of user identification at some points. How GoodID supports this?

    GoodID follows international standards providing four LoAs depending on your business logic:

    • Low (LoA-1)

    In this case the request does not sent to the end-user’s smartphone at every sign-in. This is what we call Convenient Authentication in the app.

    • Medium (LoA-2)

    Authentication with one factor, i.e. something to have. It is the smartphone in this case. At LoA-2 the sign-in request goes to the phone every single time.

    • High (LoA-3)

    On the top of LoA-2, knowledge based (PIN) or biometric User Verification is also required. So, after the end-user accepts the sing-in request on the phone, they must provide their PIN or touch ID as well.

    • Very high (LoA-4)

    In the case of LoA-4 the authentication secret must be Trusted (true hardware based key, provided by the smart phone OS, see also TEE or Secure Enclave) to prohibit cloning. We recommend using LoA-4, if it is really necessary, since it does not allow the backup of authentication secrets within GoodID app at end-users’ smart phones. Our proprietary CryptoBox technology also provides very high security with better user experience.

    On the top of LoA-4, end-users’ personal data can also be authentic, involving e-ID documents such as passport or e-ID card into the sign-up process. Combining it with our proprietary video based identification solution you can identify you customers at almost the same assurance level as user present identification.

    The effective LoA level depends on both the end-user and the service provider statements. As a rule of thumb, always the strictest LoA level will be applied

    Can I store my users' data as I did before the GoodID integration?

    You can. However, our suggestion is not to do so. Since your site always receives the most up-to-date information about the user who has signed in with GoodID. The app protects user's privacy by generating a different User ID for each service provider, so called pairwise identifiers. You should store this unique User ID only, to be sure this user is a recurring one.

    What user information do I receive from the GoodID app?

    It depends on your needs. You can entirely customize the attributes (we call these claims following OpenID Connect) you request from your customers. Providing optional and mandatory claims, you can completely follow your existing business logic and registration form.

    If I already have tons of registered users do I need to ask them to reregister with GoodID?

    There are easy solutions for this issue. For example, if your existing user would like to switch to the login with GoodID option he first signs into the system with the traditional flow. Within the authenticated session he also can “Login with GoodID”, when you can store the User ID provided by GoodID into the same authenticated user account. This way your customer can either sign-in with GoodID or even by the legacy way if needed.

    It is a recommended practice to call your end-users’s attention about using GoodID instead, in passport remainder / reset emails.

    Other method is putting ‘email_verified’ claim having ‘essential = true’ in the authentication request. This way GoodID will provide guaranteed pre-verified email address value. So, on one hand you do not have to verify the received email address again, on the other hand you can join a new GoodID user with an existing one based on matching email addresses if any.

    If I operate with 2 or more websites where users can login. Can GoodID handle this and how?

    GoodID can handle Single Sign-On (SSO). If you would like to use this option, we won’t generate different User ID for each of your sites and all of your sites will receive the same User ID for the same user. So, you can easily link the users in your different systems.

    What is GoodID’s value proposition if I am a webshop?

    Our values to a webshop are:

    • You can authenticate your client without registration (all clients will be registered clients automatically)
    • New users, since all GoodID end-users will be your new potential user
    • Omnichannel sales (you can continue your shopping in any device, without registration however you as a webshop can identify your users)
    • Basket-leave will drastically decrease
    • High-tech user experience
    • World-wide innovative solution
    • Higher security to protect personal data (with less cost)
    • Easy and fast integration process

    What is GoodID’s value proposition if I am a bank, insurance or FinTech company?

    • Our technology is more secure than most currently used authentication solution in the finance industry (such as one-time password, SMS authentication or token).
    • We provide trusted and certified personal data about the end users. How we do this? Our unique technology can import authentic data from e-identity cards (such as e-ID, passport, etc.) keeping Passive Authentication available on the imported data as well. So, the end-user does not have to be physically present at the place of the service, e.g. when opening a new account.
    • Secure data store: Our patented CryptoBox technology protects sensitive data with high security measures based on multiple security factors and strong cryptography. This is very similar technology we use in our chip-based solutions for the same reason.
    • The possibility of Single Sign-On (SSO): It is easy to link the existing users in different internal systems.
    • Automatic protection against phishing.
    • Scalable assurance levels based on the needs of the provider.
    • World-wide innovative solution
    • Higher security to protect personal data (with less cost)
    • Provides face-to-face (user present) identification consistent with online identification.
    • Build and improve the trust level of your clients.

    Where can developers access GoodID?

    If you visit our website and go to the “become a client” option. Please provide your data there and we will get back to you with the integration guide documentation

    How does GoodID provide KYC (Know Your Customer)?

    GoodID provides trusted and certified personal data about the end users. How we do this? Our unique technology can import authentic data from e-identity cards (such as e-ID, passport, etc.) keeping Passive Authentication available on the imported data as well. So, the end-user does not have to be physically present at the place of the service, e.g. when opening a new account. You just have to use GoodID and you are all set.

    Why is this solution better for me than a social login?

    • Social logins are only partial solutions. They help the user to sign in with the same password they use to social login. After this login, they must provide their personal data – what is not known by the identity provider – on every website they enter over and over. So, the inconvenient data providing process does not change at all.
    • In case of GoodID, the provider can decide which data he wants to have as mandatory and which one as optional. Every necessary parameter will be handed over to the provider and no useless data will arrive.
    • GoodID is scalable in terms of the security level of authentication and identification, social logins are not.
    • GoodID supports offline identification in your store, social logins are not.

    If I already have an own mobile app for my services can I integrate GoodID into it?

    We plan to provide SDK for app integration soon. If you are interested get in touch with us for more information.

    What kind of business benefits can the „Providers” menu offer me?

    • We generate new registered users for you: In the Providers menu, our partners are listed and all end users can browse and search for websites they have never used earlier. You, as a provider automatically reach out to this crowd and have the possibility that they will register to your site.
    • You can advertise special deals: Through the Providers menu you can promote any special deal to generate more traffic to your site and drive your revenue performance.