In 2020, Information System Authority and Police and Border Guard Board invite everyone to manage the PINs of their ID-cards and other eID means safely. Here, you can find some guidelines, campaign videos, and educational real-life stories.
Remember
You are PIN1. Your signature is PIN2. Manage your PINs carefully: do not forget them, do not share them, do not enter them just anywhere!
Do not throw away your PIN envelope!
The ID-card is your electronic key to countless e-services. In real life, a bank teller or a police officer would identify you by your ID-card, passport, or driver’s licence, but electronically, the ID-card and its certificates and PINs are what verify your identity. An ID-card is valid for five years and even if you currently do not have to identify yourself electronically, give a digital signature, or encrypt documents to forward them in a safe manner, keep the PIN envelope safe for the future.
If you have lost the PIN envelope of your ID-card or forgotten your PINs, you can apply for a new envelope at the service offices of the Police and Border Guard Board or at a foreign representation of the Republic of Estonia.
NB! PUK codes for the ID-cards issued from 17. November 2025 can be viewed from Police and Border Guard self-service, selecting service “View ID-card PUK”. It’s not possible to change PUK code for those ID-cards. You can request a PUK envelope containing your forgotten PUK code at the Police and Border Guard Board's service centers. The PUK code envelope will only be sent to an address in Estonia and is subject to a state fee. You can learn more about state fees from Police and Border Guard Board's page.
Keep your PIN envelope safe!
The PINs of an ID-card are easily forgotten if they are rarely used. If you repeatedly enter the wrong PIN, the certificates of your ID-card will be blocked, and you can no longer identify yourself electronically or give a digital signature. Keep your code envelope safe so that, if necessary, you can look up the codes.
If you have lost the PIN envelope of your ID-card or forgotten your PINs, you can apply for a new envelope at the service offices of the Police and Border Guard Board or at a foreign representation of the Republic of Estonia. If you apply for new PINs in Estonia, you have to pay a state fee of 5 euros, and if you apply at a foreign representation, your state fee is 20 euros.
Make sure that the request for entering your PIN was initiated by you!
We have witnessed repeatedly how the reckless management of PINs will result in people giving access to personal information to complete strangers.
For example, several services that can be accessed with Smart-ID require your personal identification code or phone number upon access with Mobile-ID. Mistakes are bound to happen – you mistype one number and the request for authentication pops up in somebody else’s phone. There have been numerous occasions where a person receives a request to enter the PIN at a random time, and they respond, not knowing which service they are about to authorise. People have accidentally gained access to the health and tax data of complete strangers.
Check which PIN you are about to enter and why!
For a while now, imposters have tried to get people to reveal their PIN2s through fake internet banking sites.
Normally, PIN1 is required to log in, while PIN2 allows you to verify transfers. Cyber imposters have created special websites that seem to ask your PIN1 and PIN2 just to log in to the bank. While a person is waiting behind the screen to log in to the bank, imposters will initiate a payment that the unsuspecting victim is approving with their PIN2. You may lose a lot of money this way. Always make sure where and why you are entering your PIN2!
Be careful of where you enter your PIN2!
On several occasions, imposters have tried to get Estonian people to enter their PIN2 without them knowing what it is for. For example, new Smart-ID accounts are created this way that are not controlled by the right person.
Imposters try to allure you with either a fake web site or by phone where ‘all you have to do’ is enter your PINs on your phone or the computer. At the same time, they are creating a new Smart-ID account. We have seen imposters use a stranger’s Smart-ID account to, for example, take a quick loan.
Today, Smart-ID accounts cannot be created this way, but you must pay attention nevertheless, because cyber imposters are very creative. Always make sure where and why you are entering your PIN2!
The materials have been compiled with funding from the structural funds support scheme „Raising Public Awareness about the Information Society“ (European Regional Development Fund).
