Yes, MitID is a secure solution, so when your bank informs you to get MitID, it is safe to do so.
In regard to the MitID app, you don't need a pincode, when you log into the self-service solotion - you can log in using your user ID alone. MitID has moved the keying of the pincode over to the app. The difference between NemID and MitID on this point is that for NemID, the pincode is checked and validated centrally, while for MitID, it is the pin code for the app that is checked and validated centrally. This means that the security that earlier was placed on the NemID pincode now is placed on the pincode for the app. The result is better protection against the type of keylogger attacks, we have experienced on NemID, where criminals spot a user's pincode, as they enter it on a webpage.
Therefore, you don't need to be concerned, when you in MitID no longer need to enter a pincode with the user ID.
MitID is personal and not to be shared with anyone. This is also the case for your user ID - it is yours alone. It is important to create a user ID that is difficult for others to identify - e.g. you should use special characters or numbers in your user ID to make it less likely to be compromised.
A user ID cannot stand alone. Thus, the situation that someone is able to identify your user ID that alone will not enable the person to get access to your identity. To use MitID, just like with NemID, you need to approve the transaction using the app, the code display, the audio code reader or the chip. This is done by by entering a PIN code and then approve the transaction by swiping the request with a reference text - a reference text that describes the transaction you are about to approve. If you have a code display or an audio code reader, you are required to enter an access code and then approved the transaction using a six diget code that you get from the code display or the audio code reader.
To prevent a user from inadvertently approving a transaction that the user has not initiated, the user will not receive a push notification on the phone - the way we have been condtioned to by NemID. The user must open the MitID app to check and approve requests. If a scammer sends a request, the request will not pop up on the screen by itself - the user will see the request when the user actively opens the app.
A request in the MitID app expires and disappears after five minuttes. This, combined with not receiving a push notification, make it more difficutlt for scammers to manipulate a user into approving a transaction not initiated by her or him.
Always read the transaction you are about to approve with MitID. It the text doesn't match your expectations, or if it isn't a transaction you have initiated - do not approve.
If you suspect that someone has accessed your MitID via the self-service universe on MitID.dk, contact mitID support immediately to get your MitID blocked for the moment.
The self-service universe allows you to change your phone number, email, and other personal information pertinent to MitID.
Scammers can only get access to your self-service setup, if you approve their access by swiping/approve a MitID request that opens your MitID self-service universe.
If you unintentionally have allowed the scammer access, and the scammer changes something, e.g. tries to install MitID on a new phone, you will be notified by sms. If that happens, you need to contact MitID support immediately to have your MitID suspended.
It is important to be alert, if someone calls and pretends to represent your bank or a public authority, and ask you to make transactions using MitID.
Neither the police, the Danish Agenscy for Digitisation, your bank or any other institutional authority will ever ask a citizen for personal log in information or access codes using email, sms, phone or as you to approve a transaction, that you have not initiated yourself.
In October this year, we introduced a security update that notifies you, if your phonenumer or email address is being changed in your self-service universe.
In early December we made our security even stronger to better protect you from identity theft. Concretely, we have added an additional security step go make it even more difficult for criminals to get access to important information, e.g. phonenumber and emails, in the self-service part of MitID.dk. Practivally, this means that this upgrade requires you to to login twice with an hour between logins to complete changes in MitID.dk. In addtion, you will receive a message, when attempts are made to complete changes. You will also receive a message warning you not to share your MitID by allowing others to get access. All this will will protect the you against swindel.
Yes, you will be notified via the MitID app, sms, or email, if critical incidents happen to your MitID, e.g. if the MitID app is activated on a new device, and if your personal information is changed. You can choose to be notified everytime your MitID is in use. Should you suspect abuse of your MitID, contact MitID support immediately to have your MitID blocked for now.