E-signingInformation securityProduct and usage

What is strong authentication?

Terhi Tella | 2 min read | 31.3.2025

Summary:
Strong authentication ensures that a user’s identity is reliably verified in digital services. It is essential for secure e-signing, online transactions and services handling personal data.

  • Strong authentication confirms identity using trusted methods such as bank credentials or mobile certificates.
  • It differs from simple authentication, which relies on one factor such as a password.
  • It is not the same as two-factor authentication, although services may combine the two.
  • Used in e-signing, contract approval and services requiring legal certainty.
  • Methods vary by country: BankID in Sweden and Norway, NemID/MitID in Denmark, iDIN in the Netherlands.
  • eIDAS 2.0 will harmonise strong authentication across the EU and introduce a European Digital Identity Wallet.
  • In Visma Sign, documents can be signed with strong authentication or simple signatures when appropriate.

This gives businesses a secure, legally recognised and reliable way to identify signers in digital agreement processes. In this article, we look at what strong authentication means, when it is used and which methods are available in different digital services.

What does strong authentication mean?

In simple terms, strong authentication means that a user’s identity is reliably verified in a digital service.
It ensures that the person placing an order or signing a contract is exactly who they claim to be.

You can compare it to showing an ID card in the physical world. In person, you can ask someone to prove their identity with official identification. Online, the same verification happens digitally, usually with online banking credentials or a mobile certificate provided by a mobile operator.

What is the difference between simple and strong authentication?

Some online services only require simple authentication, which relies on a single factor such as a password.
This is convenient but more vulnerable, as a password can be guessed or stolen.

Strong authentication, on the other hand, always requires more than just a password. The user must verify their identity using a trusted method, such as bank credentials.

Is strong authentication the same as two-factor authentication?

Strong authentication and two-factor authentication (2FA) both aim to confirm the user’s identity, but they are not exactly the same thing.

Two-factor authentication means that the service requires two different verification steps, such as a password plus a fingerprint, authentication app or one-time code.
Some services also use multi-factor authentication (MFA), which includes three or more steps.

Strong authentication verifies identity in a way defined by law. It is used, for example, when signing contracts or logging into services where personal data is handled.
Strong authentication happens e.g. using online banking credentials, mobile certificates or the electronic ID card.

Some services may use 2FA, where the second step is a strong authentication method. Others, such as some public services, may require only one step — but that single step is a strong authentication method.

Where is strong authentication needed?

More and more everyday tasks take place online, both at work and in our personal lives.
At the same time, cyberattacks and online crime are increasing.
For this reason, many service providers require two-factor authentication to protect all parties.

Strong authentication is especially important when signing contracts electronically. It is a legally recognised way to sign any type of document and is recommended whenever the parties do not already know each other.

However, strong authentication is not always necessary. Many internal organisational processes can be completed with simple authentication, such as a digitally drawn signature.

Which strong authentication methods are used?

Different countries use different systems.
For example:

  • Sweden and Norway use BankID,
  • Finland uses BankID and mobile certificates,
  • Denmark uses NemID and MitID,
  • the Netherlands uses iDIN


Strong authentication is becoming more harmonised across the EU with the introduction of eIDAS 2.0.
The regulation establishes shared standards for electronic identification and trust services across the EU and strengthens the legal status of electronic signatures.

It will also introduce the European Digital Identity Wallet, which allows citizens to sign documents electronically across borders — providing yet another strong authentication method for the EU population.

Is strong authentication available in Visma Sign?

With Visma Sign, every document can be signed using strong authentication. When needed, documents can also be signed without strong authentication using a simple, digitally drawn signature.

Read more: The security of e-signatures Start your e-signing journey and try Visma Sign

Terhi Tella

Terhi Tella is Senior Growth Marketing Specialist at Visma Sign. She’s inspired by content and communication that create real value, and always strives to see things from the customer’s perspective.

You might also be interested in