Logging in with mobile certificate

The mobile certificate is a service provided by Finnish mobile phone operators. The mobile certificate is used for authenticating the identity of a user at login to a web service or in electronic signatures.

Mobile certificate is available for most mobile phones. Yet the identification with mobile certificate requires changing the SIM card in the phone. You can change your SIM card by visiting your mobile phone operator’s store. You can find more information about getting mobile certificate on your mobile phone operator’s own website.

It’s easy to use mobile certificate!

Mobile identification is easy. After getting a SIM card with a mobile certificate you create a personal passcode meant for your own use. The passcode is 4 to 8 characters. The passcode is used in the actual identification procedure. There is no use of one-time password lists. Instead, your personal passcode that you have created is used in the identification.

When logging in to a web service that requires mobile identification, you first enter your mobile phone number to the web service in the internet. The service then sends a notice about the login attempt to your mobile phone number. The actual identification happens when you answer to the notice you have received by writing your personal passcode. Then the actual service opens and you get to use the service.

Mobile identification is a chargeable supplementary service for the user. When identifying yourself with a mobile phone, your mobile phone operator charges you for identifying according to their own rates.

Mobile identification is safe!

Mobile identification meets the statutory requirements for strong authentication, and it is a secure identification tool. The identification process is encrypted and separate from the actual transaction channel being used. It might seem to the user that they are sending the passcode by SMS, but this is not what really happens. The passcode is not sent forward from the SIM card. What makes mobile identification even more secure is that you don’t not have to carry around one-time password lists.

What if the passcode disappears?

You should never give your passcode to anyone else, neither should you have it written down on paper or kept in a place where it can be stolen. If you have reason to suspect that an unauthorized person has obtained access to your passcode, you should contact your own mobile phone operator. If both the mobile phone and the passcode fall into the wrong hands, make sure to contact both the authorities and your own mobile phone operator. In this case, your mobile certificate will be deactivated immediately.

If you try to enter an incorrect passcode too many times in a row, when using the mobile identification, the mobile certificate will be locked. To unlock a mobile certificate, you either need to identify yourself through some other strong identification tool, or pay a visit to your network operator’s customer service.