by Strom 3521 days ago
In Estonia, you can use your SIM to create a government-recognized digital signature. [1] Thus, you not only identify yourself to the mobile operator, but you can also identify yourself to banks, government services, and more.

[1] https://e-estonia.com/component/mobile-id/

2 comments

The same idea is used in Norway. Most banks and public services (e.g. tax returns) use this system for online two-factor authentication.

[1] https://www.bankid.no/en/

Didn't NIST just say two factor via mobile is a "bad idea"? Have Norway or Estonia responded?

EDIT: Thank you whoever downvoted an honest question that added to the discussion

The bad idea is being sent a (potentially interceptable) SMS with a code.

The Estonian method is described as using a private key present on the SIM card, just like a normal smart card used for authenticating/signing.

That's how every bank I know in Australia, at least 2 US banks and 4 European banks do it. Transfer (sometimes login too) ? Code over SMS.

Besides, pretty much all banks simply use 2 or 3 factor authentication as an anticompetitive tactic (half the businesses in most countries pay the banks 2-300$ per month just for scheduled download of transactions)

I think that was for SMS, not specifically mobile.

Same in Lithuania. Have been using mobile signature, as it is called, for years, very convenient.