Skip to main content

https://gds.blog.gov.uk/2021/12/01/one-login-for-government-december-2021-update/

One Login for Government: December 2021 update

Slide deck which says 'Make it easy for everyone to access government services.'

What’s happening now

Right now, people have to register and share the same information, like their name, over and over again to be able to use different government services. That’s why we’ve made it our mission to build a simple, joined-up and personalised experience of government for everyone. Delivering a single sign-on and identity checking system will help make our One Login for Government vision a reality. 

Building on our blog post in October I wanted to provide further detail on the digital identity team’s progress so far and look ahead to our priorities over the next 3 years. 

User research

Over the last 7 months we have spoken to more than 720 end users and learned many things.

Significantly, and perhaps surprisingly, user research has found 61% of participants  responded positively when asked about sharing their information with government and are broadly comfortable with departments sharing that data because they think we already do. 

Interestingly, many people assume they already have an online ‘government’ account that holds data on them and that services are joined-up. 

What shines through in the research is a need for users to have visibility and control of the information that the government holds on them and how it is shared.

Our research has also shown that many people see the value of a reusable proof of identity to save them time when engaging with government services in the future. So, this will be a key aspect of our service and we’re working through the details of how it should work. 

Barriers

There are currently many barriers that prevent users from being able to prove their identity online, including complicated or incomplete credit histories, poor internet access, low digital confidence and a wariness of sharing personal information online.

Inclusion and accessibility are the thematic core of all our work and we’re tackling the hard stuff now to make sure this works for everyone in the future. 

In particular, we’re building on the work done by DWP who design their services to work for users who experience multiple, overlapping barriers to completing things online. 

Speaking to government service teams is key to the success of our product, as it needs to meet their needs and expectations too. So far we have completed more than 150 research and engagement sessions with teams across government and will continue to speak to, learn from and partner with teams in the months ahead. 

What we’ve done

Our most significant recent milestone so far has been getting GOV.UK accounts live with the authentication component. This is a real achievement, but there’s a lot more to deliver. 

Users’ expectations of service delivery are shifting. Around 70% of overall traffic to GOV.UK is now via mobile and citizens are increasingly looking for faster, simpler ways to get stuff done. 

To deliver that, we want to provide a superhighway for users who can and want to use their mobile to apply for government services, so we are building an identity checking app. 

This will give smartphone users who have a photo ID, like passports and driving licences, the choice to prove their identity to a high level in around 10 minutes. It will do this by making use of Near Field Communication (NFC) readers and cameras built-in to modern smartphones. 

We will be working with a partner to deliver the app and to accelerate access to services for people for whom this ‘superhighway route’ is the right choice.

Use of the app will be optional; it will be just one of the ways people will be able to prove their identity based on their preferences and documents available. 

That’s just part of our work to ensure no-one is left behind. We are also looking at the alternative journeys we need to provide to support inclusion and we are working through how online and offline channels need to come together to make sure everyone can use our system. 

Next steps

Our next step is to create the first user journey combining the authentication and identity components by April 2022, and we are delighted that the Disclosure and Barring Service (DBS) is partnering with us to make this happen.

User feedback is a key part of our delivery plan. I’m determined to get stuff out there that we can really learn from. This means that by April next year users will be able to request a basic DBS check through their GOV.UK account by entering their UK passport information and answering some questions that only they should know the answer to in order to prove their identity. 

Dealing with personal data like passport information means we need to make certain our infrastructure meets the highest standards of security and resilience. We are working in partnership with the National Cyber Security Centre, investing in our own security architecture capability and drawing on the expertise of the Cabinet Office’s Cyber Security team.

Getting the first services and users using GOV.UK Sign In is essential, but to really have met our vision of One Login for Government we need to quickly go from one or two to 10s and then 100s. So we are working with other departments, directorates, agencies and individual services to build a clear, joined up and shared roadmap. It will enable services to understand when their required functionality will be available and give clear milestones and timelines for migration.

Expanding the scope of the system

Over time, through their GOV.UK account, our system will enable users to sign in to all government services and share information once to prove their identity. It will replace more than 190 different ways people can currently set up accounts to access services on GOV.UK and give citizens one fast, simple and secure route. We’ll be providing users with greater control over what personal data they choose to share and how that data will be used. It will also reduce unnecessary duplication of effort and save taxpayer’s money by ending the need for each department to find its own solution to authentication and identity assurance.

The potential scope of the system doesn’t stop there. We will be continuing to learn from Local Authorities, gaining an understanding of their needs to make sure our systems can work together in the future.

Because of the user research we’ve carried out and the insight we’ve gained, we’re working with our partners across government to update legislation to allow departments and services to share data whilst keeping users data safe and reducing the risk of fraud. This means that, in time, government services should be able to meet the expectations users already have of them. 

We frequently report to and are held accountable by a cross-government group of ministers, and we’ll continue to develop our system in a spirit of openness, explaining things like our research findings as we did in October.

Over time we will add more features to give users more ways to prove their identity, as we tackle areas like delegated access, broader inclusion, and the option to save identity checks to reuse with other services. Right now we’re focussed on a near term set of things we need to have as core foundational blocks that will enable the next financial year to be a big digital delivery year for us. I can’t wait to cross the line at a canter (perhaps even a gallop) and get our products into the hands of real users. Exciting times!

Would your government service like to become an early adopter of GOV.UK Sign In? If you’d like to participate in our beta or work with our research team, register your interest via our product page

Related posts 

How will the single sign-on and GOV.UK account work together?

Sharing and comments

Share this page

20 comments

  1. Comment by Animesh Basu posted on

    Thank you for your update on the ID authentication system. You also share your concerns about the security of the shared information such as images taken of the passport or driving license by the smart phone cameras. Can GDS not use available technology in SDK form that can carry out the authentication process in the app on the mobile device itself by 'looking' at the passport or any other document thus avoiding any data storage or transmission? Computer vision technology can easily perform that function. If interested I can share more information with the technical team. Do let me have a contact.

    Reply
  2. Comment by Matthew posted on

    I came across this post whilst looking for other people's experience using one of the recognised commercial software providers for completing Self Assessment. It surprised me that all the software I looked at expect you to enter your Government Gateway ID and Password, not as part of the submission service via some OAuth process but directly into the provider's interface. This strikes me as being very insecure and bad practice. The ability to create delegate accounts for use with these services would be better or else to be redirected to a gov.uk hosted page during the submission process in order to authenticate. Or am I missing something?

    Reply
    • Replies to Matthew>

      Comment by The GDS Team posted on

      Hi Matthew,

      Thank you for getting in touch. The scope of our programme right now is to develop an identity checking solution for government services hosted on GOV.UK; the experience you describe is something we may explore in the longer term. In the meantime, if you would like to share your experience and query with the team that run Government Gateway, you can find contact information on HMRC’s technical support page.

      Thanks,
      The GDS Team

      Reply
  3. Comment by Julia posted on

    Puzzled to read "Interestingly, many people assume they already have an online ‘government’ account that holds data on them and that services are joined-up. " < perhaps they have a government gateway account? While that doesn't join up much, I thought it did allow you to access some services, and did join some up - driving licence and passports? So those people may not know about your new plans, but they are surely not completely wrong?

    Reply
    • Replies to Julia>

      Comment by The GDS Team posted on

      Hi Julia,

      You are right that some of those involved in the user research may have had a Government Gateway account, but will not have realised that it didn’t allow them to access all online government services, or that it didn’t join up all their data.

      Thanks,
      The GDS Team

      Reply
  4. Comment by Mungo Henning posted on

    All I want to do is to change my login password, but it’s not obvious how to do so (no timely answers along the lines of “Oh, you just need to click…” requested please - it’s not that obvious on the website). As a constant, I’d like (say) my login name as a banner at the top of every page, with a button to let me logout, and another button to take me to a page where I can manage my login details.
    It’s not rocket science; tell the folks who want to Oooh and Aaaah at the beauty of a website to take a hike: I’m here to solve MY problems, not to admire on the latest pretty font or bleeding-edge graphics fad.
    Disgruntled is me.

    Reply
    • Replies to Mungo Henning>

      Comment by The GDS Team posted on

      Hi Mungo,

      Thank you for taking time to share your experience. Services on GOV.UK are run by different teams which currently means that the login processes vary. Without knowing what service you’re trying to use, we’re not able to direct you on how to change your password. However you can raise this with the support team, who may be able to help with this.

      Thanks,
      The GDS Team

      Reply
  5. Comment by CDJ Moore posted on

    It would be more helpful if you would just explain in steps one after the other EXACTLY what you need to do in order to sign in. I THOUGHT that I’d got the HMRC app all hunky dory and just needed the pass number I’d set up, but it seems to have reverted to needing to sign in with a gov gateway account number, plus other means of identification. Is this part of this new upgrade? And once done will I have to
    go through the whole rigmarole again?

    Reply
  6. Comment by Jo Scorey posted on

    Can you please provide details of how I can set up an account or who can help when you haven’t sent a text out to verify account. I’m now stuck on a loop and can’t log in or verify my account. It just tells me that my email has been used before but account is unconfirmed. I KNOW, no SMS received. There is no guidance on the website on how to resolve this and I suspect this hasn’t happened to just me.

    Reply
  7. Comment by David Moss posted on

    You say: "Our most significant recent milestone so far has been getting GOV.UK accounts live with the authentication component. This is a real achievement …".

    I have an old GOV.UK account and a new one I created today. I can't see any difference. Can you please explain what this "authentication component" is.

    Reply
    • Replies to David Moss>

      Comment by The GDS Team posted on

      Hi David,

      Thanks for your question. The new GOV.UK account is created using our product and is the first time you’ll have been logged into the GOV.UK website itself, rather than an individual service.

      There’s some further information on how the new account will work from one of our previous blog posts: https://gds.blog.gov.uk/2021/09/08/how-will-the-new-single-sign-on-and-a-gov-uk-account-work-together/

      Thanks,
      The GDS Team

      Reply
      • Replies to The GDS Team>

        Comment by David Moss posted on

        Thank you, GDS Team, for your response.

        My question was about the "authentication component" which is said by Natalie Jones to be "live" now with GOV.UK accounts.

        When I opened my December GOV.UK account I expected to have my identity authenticated in some way superior to when I opened my April account but there was no discernible difference – the "milestone" of this "real achievement" is invisible to us users, what does it consist in?

        What does the authentication component do? The answer is not given in your response nor in Cantlin Ashrowan's blog post that you kindly provide a link for (although I would recommend that everyone read the comments on that blog post).

        You say: "The new GOV.UK account is created using our product and is the first time you’ll have been logged into the GOV.UK website itself":

        • What is "our product"? One Login? Sign In? What? Why not name it? It seems obtuse or evasive or excessively elliptical not to name it.

        • The new account allows me to sign up for departmental press releases just the same as the old account did. No difference. I can't use the GOV.UK account to log into any other GOV.UK services now and I couldn't before. So what does being "logged into the GOV.UK website itself" amount to? What's the difference? What have GDS achieved?

        I look forward to your further response.

        Reply
        • Replies to David Moss>

          Comment by The GDS Team posted on

          Hi David,

          Authentication provides assurance that the person logging in is the account owner. It can be done by combining different types of authenticators.

          The original GOV.UK account authentication component was built for alpha testing of the account functionality. The component that has replaced this alpha version has the technical capabilities to scale alongside the needs of the GOV.UK account and other connected services as part of the One Login for Government programme. We shared a post about our work developing this component earlier in the year on the Services in Government blog.

          The product is called GOV.UK Sign In, however users will interact with the product through the GOV.UK account.

          The features of the GOV.UK Account are being developed iteratively; we blogged about the ambition for GOV.UK account and our approach to developing this functionality on the GDS Blog.

          Thanks,
          The GDS Team

          Reply
  8. Comment by John posted on

    Will it allow citizens to log in using the identity provider of their choice (assuming it is appropriately approved, of course)?

    Will it allow for users to present different identities depending on their mode of interaction (i.e. a user presenting as an authorised agent of a business or charity, as opposed to a private citizen)?

    Will it allow for delegation, such as in the event of powers of attorney being invoked, and how will that be controlled to ensure the safety of those subject to the powers used?

    Reply
    • Replies to John>

      Comment by The GDS Team posted on

      Hi John,

      Thanks for your questions. Our ambition is to become less reliant on third party data providers, so we don't plan on providing a choice of identity provider at this time.

      Our research with citizens and service teams has highlighted the need for us to consider different interactions people have with government, as you've pointed out. We'll use this research to design the right ways to make it easy for people to use the service in the way that works best for their situation.

      We recognise how important delegated access is for some of the UK's most vulnerable people, and are working with other government departments to enable this. We are committed to tackling this issue head-on and are exploring ways to make it simpler to act on behalf of someone else, whilst protecting some of our most vulnerable users.

      Thanks,
      The GDS Team

      Reply
  9. Comment by Chris Moore MBE posted on

    Can we please keep the language consistent? Users don't log onto Government Services, they sign in!

    Reply
    • Replies to Chris Moore MBE>

      Comment by The GDS Team posted on

      Hi Chris,

      Thanks for your feedback. ‘One Login for Government’ is the name of the GDS vision to deliver a joined-up, personalised experience of GOV.UK. The name of the product government services will use is ‘GOV.UK Sign In’.

      Thanks,
      The GDS Team

      Reply

Leave a comment

We only ask for your email address so we know you're a real person

By submitting a comment you understand it may be published on this public website. Please read our privacy notice to see how the GOV.UK blogging platform handles your information.