SuisseID Digital passport and signature

Steps to your SuisseID

What do I need to take into consideration in terms of security?

The secure SuisseID is used in an overall system of person, computer and internet, total control of which is outside the possibilities of a SuisseID. But as a user you can decisively influence the security of this overall system:

  • Person: The Swiss Signature Act demands that you always keep the SuisseID and the password (PIN) stored separately. The SuisseID or the password must never be handed over to third parties. Do not choose a password which is easy to guess. If you suspect abuse, change the password immediately and/or block your SuisseID. In the event of loss of the SuisseID it must be blocked immediately, like a bank or credit card.
  • Computer: Protect your computer with an antivirus program and keep your operating system up to date. You will find further information about this at the Reporting and Analysis Centre for Information Security of Confederation MELANI.
  • Internet: Visit only websites which you trust. When logging in check for the green display of the link in the browser. Observe the Rules of Conduct of the Confederation regarding careful action when surfing the internet.

If you abide by the rules of conduct and observe the protective measures you will have maximum security when using secure online transactions or communication. This applies for e-banking as much as for the use of the SuisseID.

I suspect that someone is misusing my SuisseID, what should I do?

Misuse is possible only when third parties are in possession of your SuisseID and your password (PIN).If you are no longer in possession of the SuisseID, the certificates must be immediately blocked/revoked. If you are still in possession of your SuisseID, however, you can change the password (PIN). To do this, open the SuisseID Assistant and in the menu «Actions» select the function «Change PIN / password».

Are there backup copies?

For the key pairs generated in SuisseID there are no backup copies and none can be created either because SuisseID does not support this function for security reasons and because of legal requirements.

How is SuisseID encrypted?

SHA-1 and SHA-2 are encryption algorithms used for the SuisseID login and digital signature. For the digital signature SuisseID uses the new standard SHA-2 and, since December 2016, all new SuisseIDs have also used the SHA-2 algorithm for login. This means SuisseID uses the latest technology for all encryption applications.

SuisseID is a registered trademark of SwissSign AG.