For example a gambling site could require MitID auth, but only request proof-of-age and nothing else. You can see in the app which information is being requested, like with OAuth.
MitID is 2fa. You log in with username, then you have to open the app, enter password or scan biometric, then scan the QR code of the screen* and you are logged in.
He would need to be next to you every time you log in. I think that is too high friction to make it feasible on large scale.
* Assuming you open the website on the Desktop, and MitID on phone. If both on phone, skip this step.
Also, I reckon most children know the password for their parent's phone or computer, and many more will find out if there is a highly motivational factor for doing so. How many exhausted parents just toss their phone to their child to stop them whining?
I suppose it could be a biometric sign-in with facial recognition or fingerprint, but again, that's a tonne of friction for the whole web.
It's already the single sign on for government websites, banking, healthcare, digital post, insurance, law (sign contracts) etc.
Shit man, you can get divorced through that. I really hope most parents don't give their kids access to it.
Or you can just text him a screenshot of the QR code. You could probably even automate this.
~Maybe~ you can video call, but again it's adding so much friction. Nothing is 100% secure.
I don't want my kids to have access to gambling websites like Stake, but I also want to keep my digital identity anonymous. The eIDAS is a solution that achieves both of these goals.
If you can choose between the discord shitshow with a face scan, or a digital encrypted proof-of-age in a 2FA app you already use, issues and verified only by the government of your country (who have all your personal details anyway), what would you choose?
From wikipedia.
