What are digital keys?
Digital keys enable you to securely log in to online government services. You can compare this to the unique lock in the front door of your house. To enter the house, you need a key that fits the lock. And only the right people have such a key. Access to online government services works in the same way. The services are protected and you need a digital key to get access.
All digital keys that offer CSAM are secure for logging in the government online services! But it is the online service itself which determines which keys will be shown on the login page and therefore access to the particular service. Consequently, not all digital keys are available for all online government services (Tax-on-Web, IRISbox, My Social Security,...).
Log in with eID and card reader
+
Logging in with a digital key from an authorized partner
In addition to the digital keys offered by the government, there are also other parties that may offer digital keys allowing citizens to log into online government services.
There are currently several recognised partners:
For more information about Itsme® visit www.Itsme.be.
For more information about myID.be® visit www.myID.be.
Log in with username, password and security code
3 digital keys require your user name and password in combination with a security code:
+
+
+
+
Log in with user name and password
You only need your user name and password for one digital key. These are the same ones with which you would log in via a digital key that requires user name, password and a security code.
For some government online services, you can register a digital key "username and password" yourself without the need for an eID. For further information, see the FAQ How can I register a username and password myself?
What is a level of assurance?
The Federal Authentication System (FAS) is based on the concept of the level of assurance as defined in the EU Regulation 910/2014 and its implementing regulation 2015/1502. The explanations below are based on the content of these texts.
The term 'level of assurance' refers to the degree of confidence in the claimed identity of a person; i.e. the certainty that the federal authentication system can have regarding the identity of the person using an authentication means.
Several elements are important in determining a level of assurance:
- Firstly, the identification process to obtain a means of authentication should be considered (Does it require in-person contact? What types of documents must be submitted?)
- Secondly, there is the question of how the authentication method is managed. How many authentication factors are needed? Is a password sufficient, or is a time-limited code also sent by e-mail?
- An authentication factor is the information that one person knows (such as a password), has (an email address, a mobile phone number, an application), or is (the use of biometrics).
- Thirdly, the authentication process is also important. The purpose of this process is to certify the identity of a person so that they can access (if entitled) to a specific application.
What are the levels of assurance?
The Federal Authentication System (FAS) is based on the levels of assurance as defined in the EU Regulation 910/2014 and its implementing regulation 2015/1502:
-
Low level of assurance
This level is characterised as low because the reliability of the claimed identity is considered to be limited. This is determined on the basis of an analysis of the technical specifications, standards and procedures used in an identification scheme.
-
Substantial level of assurance
This level is characterised as substantial because the reliability of the claimed identity is considered to be higher than for the low level.
As for the low level, this level is based on the analysis of the technical specifications, standards and procedures used in an identification scheme.
-
High level of assurance
This level is characterised as high because the reliability of the claimed identity is considered to be higher than for the substantial level.
As for the low and substantial levels, this level is based on the analysis of the technical specifications, standards and procedures used in an identification scheme.
The levels of assurance in the Federal Authentication System (FAS)
As mentioned above, the Federal Authentication System uses three levels of assurance: low, substantial and high.
Every digital key provided by our authentication service has been analysed and evaluated in order to define the corresponding level of assurance; the summary is as follows:
Levels of assurance | Digital keys |
---|---|
High |
eID with card reader Itsme® application (Recognised by the Royal Decree of Approval (R.D. 22/10/2017)) |
Substantial |
myID.be® application (Recognised by the Royal Decree of Approval (R.D. 22/10/2017)) User name and password + code via email User name and password + code via SMS User name and password + code via mobile application User name and password + token. After 31/01/2024, you will no longer be able to log in with the digital key TOKEN. We therefore recommend that you activate a new digital key before this date. This will allow you to continue logging in to government online services after this date. A new token cannot be requested anymore. Digital certificates. After 31/01/2024, you will no longer be able to log in with the digital key "Commercial Certificate". |
Low |
User name and password |
The principle is that a digital key with a low level of assurance will not give you access to applications that require at least a substantial or high level. For example, you will not be able to access the tax on web application with only a user name and password.
References:
- Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
- Implementing Regulation (EU) 2015/1502 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3) of Regulation (EU) No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market