SwissPass is tightening the login screw: Since mid-May, an additional code has been required when logging in. The reason for this is a series of scams involving hacked accounts.

Petar Marjanović

In Valais, 16 SwissPass accounts have been hacked since the beginning of the year.

Since mid-May, an additional security code has therefore been required when logging in.

From June, users will also be able to log in using their fingerprint or facial recognition - without a password. Show more

The Valais cantonal police warned of a new wave of online fraud in May. Since the beginning of the year, 16 cases of hacked SwissPass accounts have been registered in the canton. The perpetrators used stolen access data, bought train tickets in someone else's name and caused several thousand francs worth of damage.

Despite several inquiries, the police did not provide any further details about the fraudsters' actions - so as not to jeopardize the ongoing investigations. The SwissPass alliance, which operates the central login for SBB and other transport companies, also initially kept a low profile. However, the association did not remain inactive, as it revealed on request.

Since May 13, an additional "security code" has been mandatory for all SwissPass customers. Anyone who wants to log into their customer account from an unknown device must enter this code. This is to prevent criminals from gaining undetected access to an account with stolen data.

The "passkey" will be introduced in June

Even before this, users could voluntarily protect their account with two-factor authentication (2FA) - using an SMS code, for example. This requires a verified cell phone number in the customer profile. An additional confirmation code is then required for sensitive changes such as the email address.

As many people have not yet activated these protection functions, the security code is now mandatory for all new registrations.

SwissPass is also announcing a further innovation for tech-savvy users: From June, it will be possible to log in using "Passkey" - without a password. Instead, users will be able to log in using their fingerprint or facial recognition directly via their personal device.

What are passkeys? Passkeys replace traditional passwords with a pair of keys. The secret key remains securely on the device and is never shared with the service.

Instead of a password, Passkeys use a cryptographic key pair. The private key remains securely on the device and authenticates you with a digital signature when you log in.

Access is via fingerprint, Face ID or PIN - directly via smartphone, tablet or computer.

Passkeys are supported by modern operating systems and browsers and can be synchronized across devices. Show more

