Secure use of your DigiD

DigiD does everything possible to ensure that the use of DigiD is secure. But you can also help keep your DigiD safe.

5 tips on how to keep your DigiD safe

1. Keep your DigiD private

  • Never give your DigiD to anyone else. Not even if someone or some organisation is helping you. If this is the case, always enter your DigiD yourself.
  • Make sure that no-one sees you enter your DigiD.
  • Change your password regularly, preferably twice a year.
  • Use the 'log off' button when you have finished. 
  • Extra caution is needed if you are not using your DigiD on your own computer. You are then unable to check the level of security of the computer that you are using.
  • DigiD staff will never ask you for your username or password. Not on the Internet, via e-mail, via telephone or in any other way.

2. Check the DigiD website

Only enter your DigiD on the genuine DigiD login page. You can check this as follows:

  • The browser shows a padlock and the web address starts with https; the 's' stands for 'secure'.
  • The address of the login page starts with https://digid.nl. You can check this in your browser's address bar. DigiD's request page and activation page also start with https://digid.nl.
  • Check the SSL certificate. This certificate ensures there is a secure Internet connection between DigiD and your browser.

    • Double-click the padlock
    • Check whether the certificate has been issued to digid.nl
    • Check whether the certificate has been issued by 'KPN'
    • Check whether the certificate in the hierarchy can be traced to 'Staat der Nederlanden Root CA - G2' (the State of the Netherlands Root CA - G2).

3. Recognise phishing emails

Phishing emails are increasingly looking more genuine. They contain real logos and even the website addresses seem to be genuine. Phishing emails can be recognised by the following:

  • You are asked to click a link and/or to provide personal information.
  • The e-mail is not addressed to you personally, but starts, for example, with 'Dear Customer' or 'Dear User'. That is because criminals do not know your name.
  • The message is written in poor Dutch or English.
  • The message feeds on fear. For example, you have to respond immediately otherwise your account will be discontinued.
  • The email is caught by your spam filter.
  • The link in the email does not take you to the genuine DigiD website.

4. Choose a password that is hard to guess

Choose a password that is different to your username.

  • Choose a password that is as long as possible.
  • Avoid using personal information, words or dates. So do not use your surname, e-mail address, Citizens Service Number (BSN) or year of birth in your password.
  • A commonly used method of creating a memorable strong password is to think up a sentence that you can easily remember. Take the first letter of each word and alter some characters. You now have a password that can easily be remembered but that is difficult to guess.
  • Do not use your username and password on other websites.

5. Keep your computer healthy

  • Keep your browser and your operating system up to date. Always download and install the latest versions and switch on the auto update function.
  • Use an antivirus program and keep this program up to date and active.
  • Regularly scan your computer for viruses and spyware.

Do you suspect misuse?

How to recognise misuse

You can recognise misuse of your DigiD or personal information by the following:

  1. you unexpectedly receive a letter containing an activation code for a new DigiD.
  2. you receive letters from government organisations informing you that information has changed, without you being aware of this.

If someone is impersonating you and to do so is using your personal DigiD, that is misuse. Using your DigiD, someone can change your details at government organisations. This amounts to identity fraud.

Stop misuse

Cancel your DigiD at Mijn DigiD (My DigiD) and reapply for your DigiD using a different username and password. Your old DigiD details are then unusable.

Are you unable to log into Mijn DigiD (My DigiD)? Please contact the DigiD Help Desk and inform them that you wish to cancel your DigiD. At the same time, reapply for your DigiD.

Report misuse

If you suspect misuse, it is important that you collect evidence and report the misuse to the correct organisations. You can report misuse of your DigiD to:

What does DigiD do?

Secure connection

When you log in using your DigiD, a secure connection is formed between DigiD and your computer. This encrypts all data sent between your computer and DigiD.

The secure connection is evident from the padlock in the address bar or to the bottom right of your browser. You can check whether you are on the DigiD website

  • Double-click the padlock
  • Check whether the certificate has been issued to digid.nl.
  • Check whether the certificate has been issued by 'KPN'
  • Check whether the certificate in the hierarchy can be traced to 'Staat der Nederlanden Root CA - G2' (the State of the Netherlands Root CA - G2).

Checking login details

Every username and password combination is unique. As soon as you log in, the information that you enter is checked to see whether it exists.

Independent assessment

Logius, the digital government service of the Ministry of the Interior and Kingdom Relations, ensures that the trustworthiness of systems is tested on a regular basis by independent professional parties. Logius itself also continuously monitors compliance with technical and organisational measures and the trustworthiness of systems by means of internal checks. The aforementioned steps ensure that the trustworthiness of DigiD is and remains as high as possible.

Continuous modifications

DigiD has a whole system of measures to ensure that DigiD is secure, reliable and available. DigiD regularly performs risk analyses and monitors the rapid technical developments and continuously adjusts the security to ensure it is in line with technical and organisational security measures.