Zefort’s contract management solution comes with Zefort Sign, a built-in eSignature service that lets you get a digital signature to any document easily online. When you create your signing request, you can select between two eSignature authentication levels: basic authentication and strong authentication.
But what’s the difference between basic and strong authentication? Which one should you use? Let’s find out!
Basic authentication is like ink on paper…
Now, first things first: both digital signature levels are legally binding for all signing parties within the entire European Union. Just like a written signature on a paper, the signer agrees to fulfill the conditions written on the document.
In basic authentication, the signer is identified through his email address. The recipient receives a signing request via email and is directed to a signing page, where he can review and sign the document with a push of a button.
So, basic authentication relies on the fact that the recipient has a personal email address that no one else can access – that’s how the signer is being identified. However, at the basic level, it is not possible to link the signature indisputably to an individual person.
Zefort’s basic authentication corresponds to the basic level electronic signature defined by the European Union’s eIDAS digital identification regulation.
…strong authentication requires showing an ID, too
In strong authentication, you can require the signing party to verify his identity by using a third-party identification service, such as an online bank login or some other nationally available authentication method.
Asking for strong authentication does not change the signing process that much: the signer still receives a link to his email and can review the document on a secure web page. However, instead of simply pushing a button to sign, the signer is directed to a third-party identification service.
Strong authentication results in a digital fingerprint, a logged signing event stored in a digital seal in the original signed PDF document. So, it’s much easier to verify the signature later if needed.
Zefort’s strong authentication corresponds to the advanced level defined in EU’s eIDAS regulation. In this case, it is possible to uniquely link the electronic signature to the signee.
Which authentication method should I use?
So, if both authentication methods are legally binding, what’s the point of having two of them? If strong authentication is better, why should I ever use basic?
There’s no clear-cut answer on which authentication level you should use. Depending on your business, you might be legally required to verify your customer or business partner through strong authentication. On the other hand, there are still countries where a strong online identification is simply not yet available.
However, in many cases the choice is simply up to you.
Here are some questions that you could consider when choosing between basic or strong authentication.
How well do I know my business partner or customer in advance?
Let’s say you are finalizing a B2B deal with a business partner you’ve known for years, working in a reputable company. In this case, you know with certainty who you are dealing with and there’s no need to ask for his digital ID.
On the other hand, if you are making a deal with a person you’ve never interacted with, maybe based in a foreign country, asking for a strong identification might give you that extra level of security.
What is my risk if the relationship goes bad?
Consider selling a €10 monthly subscription service vs. making the sale of a €1M industrial property. In the first case, your risk in case of a dispute or a bad customer is fairly low. In the latter case, you probably want to be as safe as possible.
How long will our business relationship last?
Another aspect to consider is the length of your relationship with the signer. If you are doing a one-time delivery of construction equipment, you might not interact with the same customer ever again.
On the other hand, if you are making a rental agreement or an employment contract, you might have a long-lasting relationship that spans several years.
In the latter case, it might be a good idea to start the relationship by kindly asking for the equivalent of a digital ID.