Two-factor authentication (2FA) adds an extra layer of security to your SwissID account. Enable this feature to log in to online services with a second factor. You can choose the following methods:

• SwissID App

• Mobile ID

• SMS

• Cross-off list

You can enable two-factor authentication for login with SwissID at any time in your SwissID account under ‘Personal information’. If you always want to log in with a second factor for each online service, enable the function ‘Always two-factor authentication’ under ‘Additional features’.

Alternatively, you can also set up a passkey. This means that you do not have to enter a password to log in and there is no need for two-factor authentication.

More information about passkeys

If your mobile phone is lost or stolen, please contact our customer service immediately on 0848 99 88 00.

A passkey replaces the need for a password and second factor. It is tied to your device and/or system, cannot be spied on or shared, and protects you from phishing – enabling a secure and simple login experience.

Passkeys that are stored in your iCloud, Google Password Manager or another password manager are automatically synced, and you can continue to use them when you log in to a new device.

Note: protect the location where your passkeys are stored – for example, with two-factor authentication. This prevents unauthorised individuals from gaining access to them if your device is stolen, say. Nevertheless, remove the device from the respective passkey cloud system immediately in this case.

Yes, you can set up as many passkeys as you like in your SwissID account – for example, on your smartphone, tablet or laptop. This gives you easy and secure access to your SwissID account no matter where you are.

No, sharing passkeys is not permitted according to our terms and conditions.

You will be notified by email if we detect that someone logged in to your account from a device that has not previously been used to log in to the account. This is an additional security measure to better protect your SwissID from unauthorised access. Many online services now have this function.

If you recognise this login attempt, i.e. if you actually did attempt to log in, you can ignore this email. Otherwise, it could mean that someone has accessed your SwissID account without authorisation. In this case, please change your password immediately and contact our customer service if you have any more questions.

SwissSign protects your data according to the highest security standards, does not pass it on to third parties without authorisation and keeps all of it in Switzerland. If you suspect that your SwissID account has been hacked, you can block it immediately. Contact our customer service on 0848 99 88 00.

If you have entered your password incorrectly five times, your account will be temporarily blocked. Please try again after 15 minutes, reset your password or contact our customer service on 0848 99 88 00.

Keeping your SwissID account secure is our top priority. Regularly changing your password is an important part of this strategy. In this context, SwissID complies with the relevant security standards that define the maximum lifetime of a password.

If your password needs to be updated, you will be notified in advance by email.

For security reasons, you have been informed in advance that your password needs to be updated. However, you have not yet done so. It has therefore been blocked for security reasons. You can reset your password as described at swissid.ch/recovery.

SwissID uses different trust levels. They enable you to decide for yourself which data you want to disclose to whom. You can also withdraw approvals at any time.

In your SwissID account, you can see which data you have approved for which online service at all times. You can revoke these approvals individually at any time under ‘My online services’. However, please note that your use of certain online services will be restricted if you do not share your data.

The retention periods are based on the law, for example the ESigA (German: ZertES) and the Ordinance on the ESigA. According to VZertES, SwissSign is obliged, among other things, to retain the information for eleven years from the expiry of the certificates. Once the statutory retention periods have expired, the data is deleted.