Security is Everyone’s Responsibility: Delivering Secure, Usable Login for Government
Creating easy-to-use online products and services is not something you read much about when referring to the government. In this blog post, I’ll share how the cross-functional teams on login.gov design and deliver a human-centered experience to create a modern, secure, and impactful login service for the public.
What is login.gov?
Trusted by government agencies, login.gov is a shared service used by the public. Our program’s mission is to simplify secure access to online government services for the public, and reduce costs for agencies and taxpayers. With one login.gov account, the sign-in process is streamlined; the need to remember different passwords for each agency is eliminated.
To create the best product possible, the subject matter experts (SMEs) on our team take the security experience of the product seriously.
We do this by keeping a balance of privacy, usability, and trust. Our cross-disciplinary teams of engineering, product management, and user experience (UX) work to ensure we deliver an easy-to-use service that is simple for agencies to integrate into their systems.
We are also unique in that we are built for the government, but we are also the government ourselves. Our SMEs in authentication and identity verification management understand how the government works, so we can create products that best suit the needs of our partners and, ultimately, the public.
When it comes to our security experience, our encryption method works like a safe deposit box in a bank vault. Only the user has the key; only the user can open the box to reveal the contents.
Authentication and identity verification services
Login.gov has varying levels of service that we provide to our agency partners. The two that I’ll be referring to here are our authentication and identity verification services.
Our authentication service provides strong, modern authentication methods to the entire U.S. public. We do this by using modern security techniques, plain language, and human-centered design.
Identity verification refers to our online identity-proofing platform that allows our partner agencies to verify that their users are who they say they are, wherever they are; whether it’s from the convenience of their own home, or on the go with a mobile device.
Creating a human-centered approach to our process
Login.gov has actively been incorporating human-centered design into our delivery process to include continuous discovery and create impact. Here are a few specific ways in which the team has collaborated to create an optimal security user experience for the public.
Continuous and iterative user feedback loops
Usability testing is a priority when trying to obtain information directly from the public and get feedback about their experiences with our product. We use online tooling to test our concepts directly with users and quickly iterate on our designs. Within 30 minutes (or sometimes less!) we are able to get the public’s direct feedback on our new concepts and ideas. This helps to ensure we are making the best product possible for the public.
Performing cross-disciplinary ideation sessions
We’ve also incorporated remote human-centered design methods to perform cross-disciplinary ideation sessions for convergent and divergent thinking. Bringing together engineers, product managers, and user experience subject matter experts to ideate has been beneficial to creating new, enriching concepts for login.gov products and services. It has also been a great way for our team to bond and get to know how we all think and work.
We ensure that all members of the login.gov team are aware of user experience methods that are happening around the program (e.g., user interviews) and invite them to join. This can be done by joining various meetings (e.g., engineering weekly) for feedback on concepts and watching user interviews together over a conference call.
Case study: Increasing our identity verification proofing rates
Now that you know a bit more about what login.gov is and how we work, I’d like to outline a case study of how we put our methods into practice to increase our proofing rates for our identity verification service.
Creating user flows for IAL2
Identity verification, also referred to as the Identity Assurance Level 2 NIST standard (also known as IAL2), has been a big focus area for the past year. We’ve been actively working on how to better understand when and where to improve our flows so that users are securely verified with as little burden to them as possible.
Performing usability testing on new concepts
After creating these flows, we targeted the image capture portion of the flow and how we could enhance the experience to better meet the public’s needs. We made a few updates to the flow, based on feedback we received from our study:
- On mobile, having large, easy-to-click areas is important when creating a quality user experience. We decided to make the entire “Photo” box clickable, which tested well!
- We also decided to use more plain language to describe the interactions required for verification. For example, this screen asked for the user to take a “selfie” of themselves. Now, some folks on this call may know what a “selfie” is, but that is an assumption we knew we could not make for the public’s understanding of this term. Therefore, we changed the language to read, “Take a photo of yourself.”
Removing confusing steps in the process
We also heard from users that certain screens were unhelpful or not useful in the proofing process. For example, this screen appeared when the user had only made it through two of the steps BUT had not completed the proofing process.
Increased to 60% proofing success rates in two weeks
We implemented the recommendations that were based on our usability testing and saw our actual* proofing rates increase from 51% to 60% within two weeks. This was a remarkable outcome for us to see after making a few incremental changes to improve our service, based on our team’s findings and recommendations.
Within 30 days of implementation, our average actual success rate increased to 74%, with a daily high of as much as 84%. These numbers will continue to climb by using continuous discovery and human-centered design techniques. As you can see, not only does this improve the public’s experience of login.gov, but it also has serious business impact: making our product more attractive to partners and reducing our costs to proof users.
* Note: Actual is the percent of successfully proofed users who actually start the proofing process and complete all steps.
And we’re just getting started
In fiscal year 2021, we are expanding upon our work and continuing to build the best security user experience for the public. By taking a human-centered approach to our metrics, product iterations, and service design, we will continue to build an even better login.gov for everyone.
You can learn more by visiting our login.gov website.
Is your agency looking for a login solution for your online products and services? Visit partners.login.gov.
About the Author
Julia Elman | U.S. General Services Administration
Julia Elman is the UX Lead for login.gov. She leads design and development teams, and coaches people to help them reach their full potential and create amazing things. She is passionate about the streamlining process, and is an advocate for open-source development and user-centered design. She is based in Durham, NC.