Hacker News

The modern auth invented just to push the mobile + cloud model is DISGUSTING. We have had smart cards for decades for various things, from payments to IDs, so why the hell not keep building readers into keyboards and laptop bodies, sell cheap desktop USB readers and teach people to use them? Simply because with them there is no way to force mobile computing, allowing some third party to snoop a bit in end users' lives.

I hope that one day people will understand and IMPOSE an end to such crappy, unsafe practice.



We do do that, it's WebAuthn/passkeys.


Many people today don't even own a computer and do everything on their phones. Teaching the masses safe habits rather than convenient ones is a difficult problem, most don't care.


You can use Yubikeys, which are basically the modern and better version of "smart cards", on phones and tablets just fine. I have a Yubico Security Key on my keychain and I can use it on my iPhone with NFC or with my iPad using USB-C.


You need it. While your bank already gives you (typically) a card you can also use as is for authentication with them. Your country probably has some e-documents already, so no extras are needed to authenticate to public sector services and so on.

The point is offering something already usable and getting people into the habit of using it. After that we might add a Yubikey for generic services like GMail and so on.


I have zero clue as to what you're talking about. And what card am I getting from my bank?


A bank card to pay for stuff, which is a smart card, NFC capable, that you can use (as is common in various EU countries) to authenticate yourself to your internet banking.

Similarly, various countries offer eIDs (some I know of: Estonia, Belgium, Italy, Germany, France) which are NFC ISO 14443A/B cards that are used to authenticate the citizen to various public services.

Many universities, and some high schools as well, offer an NFC badge which is a smart card and could be used to authenticate to the institution's website and so on.

All those examples have been in use for years, but for limited activities and mostly not advertised. It's just a matter of spreading them. In Italy, for instance, for some years now the national eID card (CIE) has been used to access fiscal services, for instance to send your filled-in tax forms, to pay some taxes and so on, while the national health service card has been used for much longer to buy tobacco from every automatic vending machine (to prove you are over 18 years old). France started the same last year with France Connect+, which, as in Italy, Germany etc., is the pan-European eIDAS system to offer digital documents and services to all. All countries have invented absurd systems to AVOID using eIDAS with smart cards in most cases, while we all have them. Only to push the "app" cloud+mobile model.


My Visa card definitely doesn't work for any online bank authentication in Finland. It's strictly for payments. For authentication, it's user ID + PIN with a paper two-factor, or user ID + phone authenticator. Some banks also have physical two-factor hardware.


Well, in Germany, the Netherlands and Belgium, Visa and Mastercard work that way, so I imagine it is just a matter of choice on the bank's side. In Italy, RSA tokens (small key chains with an LCD display) were fairly common as another option, and some banks have solved PSD2/DSP2 article five with a captcha after the OTP for transactions (e.g. Unicredit); a few have chosen more complex OTPs with a camera to read a QR code, but they are simply too expensive to become widespread. In France, curiously, most banks still do not use a second factor, allowing login with just ridiculous "randomly sorted" virtual keyboards to make keylogging not work. I guess the world varies, but I'm also sure enough that Finland has some eIDAS eID document which can be used like bank cards.


I assume your bank gives you a debit card. And many government IDs have NFC chips nowadays.


Pretty sure that neither my Visa Credit/Debit nor my passport works for any kind of digital authentication. I think you can specifically get an ID that works as a smart card, but since you don't need just the specific ID card, but also a reader + faffing about, adoption is super low.


Parent's point is that the hardware is perfectly able to identify you, but we choose not to.

In 2024 having a card reader is indeed not that great, but I still have the one given by my bank ~20 years ago, as it's a strong factor which I can use to set up weaker second factors (typically push notification to the mobile app, nowadays).

We could imagine several ways people link their real, physical government ID to a trusted device. Every smart phone has had a built-in security key for the past 5 years or so. Banks have to check your ID at some point due to KYC. We could kill multiple birds with one stone.


Unfortunately physical keys are getting obsolete in many places, and people are no longer routinely carrying their keychains around.


People carry their smartphone around though.

I keep my Yubikeys in a drawer at home and use my phone as day-to-day security key.


NFC/RFID in many mobile devices allows for interfacing smart cards very similarly to wired connection.


Yeah but it's a tradeoff in usability, that's an accessory that needs to be provisioned and carried around.


How many have a smartphone with a cover able to hold cards? How many have a wallet in their pockets? Where is the trade-off in usability? Having a single PIN and a card to access various services instead of passwords and copy-pasting OTPs or something similar with crappy and dysfunctional apps.


> How many have a smartphone with a cover able to hold cards?

I use a wallet that holds cards, but it's not common or popular, and are you seriously suggesting that we insert this thing into our phones, which would probably mean you'd have to dislodge it from the case, wallet or not, and align the card into the slot? Not to mention how much space it'd consume in a smartphone. You and maybe a very tiny cohort want this; the general public don't, especially for the marginal security benefit. Anyway, as others say, the modern equivalent is NFC, but again getting everyone to buy and carry an accessory is asking too much. Modern smartphones already have modern security and in recent years have been exposing their security coprocessor chip to the OS.


No need to "insert": most smart cards nowadays are NFC and most smartphones have a reader built into their battery, so all you need is to flip the "book cover" to allow reading, even without extracting the card. On a desktop, having a small flat USB reader or one built into the keyboard (common two decades ago in various setups, for contact-based smart cards back then) or one beside the touchpad area in a laptop could provide the desktop part.

I use it normally to declare my taxes, for instance, with a small desktop card reader (ReinerSCT CyberJack) as a "security device" in Firefox to authenticate: just putting the card on the reader, opening Firefox, going to the relevant website, clicking on eIDAS login, entering the national ID card PIN and being in. One PIN for all public sector services, no apps needed, no regular password changes and so on.


We have that with FIDO2; unfortunately there is too much $$$ to be made perpetuating the problem, propping up adjacent ecosystems like cloud and leaky auth apps.



