Use a strong password. Password strength and rules for what the password must contain are shown while you create it. Only password of sufficient strength can be used. We recommend using a password with the highest strength shown by MojeID.

Protect your password from third parties and store it safely. If you use a password manager, ensure that its owner is trustworthy.

If you use two-factor authentication, keep the device secure (mobile device, security key, etc.) from third parties. Always keep the software in your mobile device up to date.

We recommend using security keys with FIDO2 standard, ideally with Level 1 certification or higher. List of certified security keys with the option to sort them by security level can be found here.

You may see the Known security issues table in the security key details. Below you will find a more detailed description of the individual security states.

• User bypass
  • Indicates that malware is able to bypass the user verification. This means that the security key could be used without user's consent and potentially even without user's knowledge.
• Attestation key compromise
  • Indicates that an attestation key for this security key is known to be compromised. Additional data should be supplied, including the key identifier and the date of compromise, if known.
• Remote compromise
  • This security key has identified weaknesses that allow registered keys to be compromised and should not be trusted. This would include both, e.g. weak entropy that causes predictable keys to be generated or side channels that allow keys or signatures to be forged, guessed or extracted.
• Physical compromise
  • This security key has known weaknesses in its key protection mechanism(s) that allow user keys to be extracted by an adversary in physical possession of the device.
• Update available
  • A software or firmware update is available for the device. Additional data should be supplied including a URL where users can obtain an update and the date the update was published. When this code is used, then the field authenticatorVersion in the metadata Statement [UAFAuthnrMetadata] must be updated, if the update fixes severe security issues, e.g. the ones reported by preceding StatusReport entries with status code (NOTE: Relying parties might want to inform users about available firmware updates).
• Revoked
  • The FIDO Alliance has determined that this security key should not be trusted for any reason, for example if it is known to be a fraudulent product or contain a deliberate backdoor.

We recommend that you log out of your account each time you finish working with MojeID, and then close all web browser windows.

If you set your browser to remember windows and panels from previous session, you will not be logged out after closing your browser. We recommend switching this setting off. It can be found here:

Pokud máte v prohlížeči nastaveno zapamatování oken a panelů z minula, při zavření prohlížeče nebudete odhlášeni. Toto nastavení doporučujeme vypnout. Najdete ho např. zde:

• Chrome: Settings → On Startup → Continue where you left off.
• Firefox: Nastavení → Obecné → sekce Spuštění → Open previous windows and tabs.

Warning: If you check the Keep me signed in option when you log in, you will not be logged out even if you close the web browser window.