The story is not mine, but I participated in it and talked with gosuslugi.ru tech support. And now, the gosuslugi.ru site only with the second factor.
It seemed that registration with gosuslugi.ru and the subsequent trip to the Multifunctional Center (MFC) for account confirmation was the simplest solution, which was advised.
Then he created a mailbox and registered with that mailbox on the state services website, and a good person confirmed the account personally by visiting the MFC. They paid the debts; there were not many of them. It turned out that the IFTS needed up to 14 days to note that there was no debt.
I wanted to know the fate of the payments after a week. But it was not possible to log in to the state services website – "there is no record", tech support responded, and offered to draw up an appeal. It was drawn up. At the same time, the specially created (and, correspondingly, rarely checked) mailbox was checked in advance – it turned out that on the day the account was deleted, two letters had arrived 25 minutes apart. The first had the subject "Restoring access to the account" and the corresponding content. The second had the subject "Account deleted" and the content:
Hello, ХХХХХХХ ХХХХХХХХХХ ХХХХХХХХ!
Your account in the Unified system of identification and authentication of the electronic government infrastructure has been removed.
If you did not initiate the process of deleting your account, it is possible that your account was hacked.
Please contact the support service of the Unified Identification and Authentication System.
I very much doubt that the username and password could be known to an attacker. Guessing the password to the site (and it was like this / 71fge6HaRNP3ng.) is unlikely. The login / password pair was written on paper in "square" letters. The login / password pair from the site does not match the Password / Username pair (also written on paper). The login was made in incognito mode without any plug-ins, under the supervision of a good person – although he does not really understand what I'm doing, it disciplines.
I cannot imagine who might need to delete the account on the state services website.
When contacting the support service, as was said before, it turned out that the record was deleted. Two days later they telephoned about the appeal and, referring to FZ-152 on PD, said:
- the record was deleted
- it is not subject to restoration
- it is impossible to find out any details about the deletion process (who, where, how, etc.) – they do not store that information, in accordance with FZ-152 on PD
- to delete, only knowledge of the mail and password is needed, i.e. access to the mail itself is not necessary; a confirmation letter is not sent and access to the mailbox itself is not verified
- the question of why access to the mail on which the record is registered is not verified went unanswered – tech support does not need to know about this.
The record was created anew; later it will be confirmed by a visit to the MFC, after which it will be possible to find out the fate of the payments.
I drew the following conclusions for myself:
- to delete the account it is enough to know the login / password, although where the attacker learned the password remains a mystery;
- on the state services website it is necessary to use the second factor without fail – the first one is not checked;
- something was left unfinished in terms of security on the state services site.
I myself use the state services website as necessary; the impressions up to this point have been purely positive.