Netpin
Netpin was a central system for identifying the ownership of email addresses. The underlying functional principle was specified by the German Internet Association and implemented by Online Ident GmbH. The service was introduced in December 2006, aimed at companies and their customers and was only available in Germany. The service was discontinued in October 2009 due to a lack of demand.
functionality
For a given e-mail address, a four-digit secret number is generated once on a central server (the so-called Netpin). The Netpin cannot be changed by the user. In principle, the Netpin is generated using a double opt-in process, which is additionally protected against possible man-in-the-middle attacks by an activation code . As Phishing -protection is specified by the user with a free check text when Netpin generation, which is represented by each identification process.
The Netpin is checked using a standardized login dialog in which the email address and the associated Netpin are entered. Web service providers can integrate calling up the Netpin login dialog into their websites. However, the verification always takes place on the central Netpin server, which informs the provider of the result of the verification via a backlink. The user's secret number is therefore not visible to the service provider. The Netpin process comes without JavaScript, cookies or the like. out.
The Netpin process only verifies the e-mail address, not the implementation in the application. How the process is actually used is up to the respective provider. As a rule, the Netpin process replaces existing double opt-in solutions. By using cookies at the provider, single sign-on solutions can also be implemented.
Areas of application
The Netpin process is a particularly secure double opt-in process that the user only has to carry out once initially. Subsequently, the registration processes - if supported by the web providers - only take place through Netpin. This speeds up the login process and the user only has to remember one secret number. The process is monitored by a consumer protection institution. The areas of application are accordingly in the consumer segment: ordering advertising material, newsletters, eCards, registering at forums, wikis, etc. For this area, there has been no easy-to-understand, uniform protection procedure for internet users who are not IT-savvy. The most important motivation for employing the providers is to avoid costly warnings because of the unwanted sending of unwanted e-mail advertising. The use of the process is free of charge for consumers. For providers who use the verification process, there are costs between 5 and 30 euros (depending on the size of the company) per month. The Netpin was u. a. used to register for the German Robinson List, which has recently been using password-based authentication (INPASS).
distribution
According to the operator, more than 120,000 Netpins had been awarded by 2009. However, the procedure was only implemented on a few Internet portals and could not prevail against alternative procedures such as OpenID, so the service was discontinued in October 2009.
advantages
- The Netpin process can be used anonymously as there is no personal identification. The prerequisite is the use of an anonymous e-mail address.
- Phishing protection.
- Flexible areas of application.
- Particularly secure double opt-in for Netpin generation.
- Extremely easy to use and therefore suitable for non-IT-savvy users.
- Easy integration in websites through preconfigured code.
disadvantage
- As with all identification solutions that are based on a trustworthy central point, the area of application is restricted to those areas that can trust the operator, in this case mainly consumer protection and company / customer relationships (B2C).
- To make the process easy for inexperienced users, a simple password (four-digit number = association with the credit card) is used. In order to maintain security, the Netpin must therefore be automatically blocked after three incorrect entries and regenerated by the user.