Hmm it looks like the MyID App on iPhone it utterly borked at the moment.
Launch it, it does a FaceID verification, then instant crashes.
App Store reviews seem to suggest it’s been broken since the last release which was ... *checks notes* ... one month ago 🤦🏻♂️
That's a pretty pathetic timeframe to release a fix for an app that is completely broken..
I am still annoyed about my first interaction with #myID (or lack thereof).
I use F-Droid App Store on my phone and generally expect everything I use to be supported in a web browser (e.g. my bank) or in an open source app from F-Droid. I'm not that precious (I swear), I just think this is a fairly practical and safe way of using a smartphone with much lower data leakage.
Last year I went to interact with a government department that requires the myID app. The app only officially supports Google Play and Apple App Store, obtained from those respective stores.
I might have been able to source an APK (Android Package Kit) file and it maybe would have worked on my phone if it's not using Play Services, but I don't want to do that. I have a YubiKey that supports PassKeys. It is possible to do this sort of thing in a web browser. myGov supports PassKeys as a login mechanism, but myID does not.
(1/2)
#DigitalID: for government, by government, web-capable and standards-based.
I think that has a nice ring to it, and it's achievable (https://bne.social/@andrew/113506044045409357).
"For government" implies no social media age verification shenanigans.
My opinion is my own of course but I intend to bring this to EFA and like-minded organisations.
Serious question: could #myGov become part of #DigitalID scheme and be merged with #myID, with all of the capabilities of myGov retained (website + multiple 2FA methods)? To explain a bit, both myGov and myID are currently identity providers. myID is an app that can be used as an IdP for government services like ABRS. myGov is a website and app that can be used as an IdP for ATO and Centrelink among others. myGov supports multiple 2FA methods like SMS, Passkeys and (perhaps confusingly) myID. myID itself doesn't appear to have any MFA methods but is pinned to a device with one-off verification for that to happen. Why not bring myGov into the Digital ID fold, and merge most of myID's capabilities into myGov? Since myID is also being used as MFA for myGov I would rename the myID app to "myGov MFA" so it could continue to be used for that purpose. Passkeys could be suggested for people who use the myGov app so they're not using the same device for password and second factor. #auspol
Serious question: could #myGov become part of #DigitalID scheme and be merged with #myID, with all of the capabilities of myGov retained (website + multiple 2FA methods)?
To explain a bit, both myGov and myID are currently identity providers. myID is an app that can be used as an IdP for government services like ABRS. myGov is a website and app that can be used as an IdP for ATO and Centrelink among others. myGov supports multiple 2FA methods like SMS, Passkeys and (perhaps confusingly) myID. myID itself doesn't appear to have any MFA methods but is pinned to a device with one-off verification for that to happen.
Why not bring myGov into the Digital ID fold, and merge most of myID's capabilities into myGov? Since myID is also being used as MFA for myGov I would rename the myID app to "myGov MFA" so it could continue to be used for that purpose. Passkeys could be suggested for people who use the myGov app so they're not using the same device for password and second factor.
Today I interacted with a government service that requires users to have #myID to use digitally, or alternatively, mail in a letter. They spell out the requirement to have the app installed on an iPhone or Google Play-capable phone.
Of course the devil is in the details. Maybe I can find an Android APK online, maybe I can get that APK to work on my non-Googled phone if it doesn't rely on Google Play Services, and maybe I won't be subject to a supply chain attack in the process.
IMO it's a really concerning direction for government departments to require Google or Apple accounts for digital interaction. Real standards are company-neutral. The government need to embrace the free and open web and related standards instead of operating exclusively in the walled gardens of Big Tech.
If you read the page about how to create your 'secure' online identity in #Australia using the new #MyID system, you soon realise how trivial it is to impersonate someone's identity. All they ask are documents that most Australians have had leaked (and available e.g. in the Dark Web) in the last few years.
I received a message today from the #Australian Government's #myGovID service announcing that they are soon changing the name to #myID. "It will have a new name and look, but you'll continue to use it in the same way."
There is zero mention of whether the website domain (my.gov.au) will remain as it is or be supplemented.
Apparently, as of today, myid.au is for sale ...
I'm convinced that one of our main cybersecurity challenges is how poorly thought through official communications are.
Japan eyes introduction of new My Number cards in 2026 | The Japan Times
https://www.japantimes.co.jp/news/2023/06/06/national/politics-diplomacy/new-my-number-cards-2026/
>The government will consider issuing the new cards with enhanced security as the current My Number cards, introduced in 2016, will start to expire in 2026.
Frank Filippone
AndrewR
J👀
Donald Hobern
Terry Wallwork