Security is Everyone’s Responsibility: Delivering Secure, Usable Login for Government

How incorporated human centered design and continuous discovery into their product development process to improve the user experience.
Mar 2, 2021

Creating easy-to-use online products and services is not something you read much about when referring to the government. In this blog post, I’ll share how the cross-functional teams on designs and delivers human-centered experience to create a modern, secure, and impactful login service for the public.

What is

An illustration of a gold padlock is surrounded by blue privacy and security icons.

Trusted by government agencies, is a shared service used by the public. Our program’s mission is to simplify secure access to online government services for the public, and reduce costs for agencies and taxpayers. With one account, the sign-in process is streamlined; the need to remember different passwords for each agency is eliminated.

Security experience

An illustration of a blue and red vault door has the red and white logo in the center.

To create the best product possible, our subject matter experts (SMEs) on the team take our security experience of the product seriously.

We do this by keeping a balance of privacy, usability, and trust. Our cross-disciplinary teams of engineering, product management and user experience (UX) work to ensure we deliver an easy to use service that is simple for agencies to integrate into their systems.

We are also unique in that we are built to be for the government, but we are also the government ourselves. Our SMEs in authentication and identity verification management understand how the government works so that we can create products that best suit our partners—and ultimately the public’s—needs.

When it comes to our security experience, our encryption method works like a safe deposit box in a bank vault. Only the user has the key; only the user can open the box to reveal the contents.

Authentication and identity verification services has varying levels of service that we provide to our agency partners. The two that I’ll be referring to here are our authentication and identity verification services.

Our authentication service is to provide strong, modern authentication methods to the entire U.S. public. We do this by using modern security techniques, plain language, and human-centered design.

Identity verification refers to our online identity-proofing platform that allows our partner agencies to verify that their users are who they say they are, wherever they are; whether it’s from the convenience of their own home, or on the go with a mobile device. 

Creating a human-centered approach to our process has actively been incorporating human-centered design into our delivery process to include continuous discovery and create impact. Here are a few specific ways in which the team has collaborated to create an optimal security user experience for the public.

Continuous and iterative user feedback loops

Usability testing is a priority when trying to obtain information directly from the public and get feedback about their experiences with our product. We use online tooling to test our concepts directly with users and quickly iterate on our designs. Within 30 minutes (or sometimes less!) we are able to get the public’s direct feedback on our new concepts and ideas. This helps to ensure we are making the best product possible for the public.

Performing cross disciplinary ideation sessions

We’ve also incorporated remote human-centered design methods to perform cross disciplinary ideation sessions for convergent and divergent thinking. Bringing together engineers, product managers and user experience subject matter experts to ideate has been beneficial to creating new, enriching concepts for products and services. It has also been a great way for our team to bond and get to know how we all think and work.

Working transparently

We ensure that all members of the team are aware of user experience methods that are happening around the program (e.g., user interviews) and invite them to join. This can be done by joining various meetings (e.g., engineering weekly) for feedback on concepts and watching user interviews together over a conference call.

Case study: Increasing our identity verification proofing rates

Now that you know a bit more about what is and how we work, I’d like to outline a case study of how we put our methods into practice to increase our proofing rates for our identity verification service.

Creating user flows for IAL2

Identity verification, also referred to as Identity Assurance Level 2 NIST standard (also known as IAL2), has been a big focus area for the past year. We’ve been actively working on how to better understand when and where to improve our flows so that users are securely verified with as little burden to them as possible.

Performing usability testing on new concepts

After creating these flows, we targeted the image capture portion of the flow and how we could better enhance the experience to better meet the public’s needs. There were a few updates to the flow that we made, based on feedback we received from our study:

  • Being on mobile, having large, easy to click areas is important when creating a quality user experience. We decided to make the entire “Photo” box clickable, which tested well! 
  • We also decided to use more plain language to describe the interactions required for verification. For example, this screen asked for the user to take a “selfie” of themselves. Now, some folks on this call may know what a “selfie” is, but that is an assumption we knew we could not make for the public’s understanding of this term. Therefore, we changed the language to read, “Take a photo of yourself.”

Removing confusing steps in the process

We also heard from users that certain screens were unhelpful or unuseful in the proofing process. For example, this screen appeared when the user had only made it through two of the steps BUT had not completed the proofing process.

A screenshot of a verification page reads, We've verified your social security number and state-issued ID. It has a large blue button to continue, and a small text link to cancel.

Increased to 60% proofing success rates in two weeks

We implemented the recommendations that were based off of our usability testing and saw our actual* proofing rates increase from 51% to 60% within two weeks. This was a remarkable outcome for us to see after making a few incremental changes to improving our service, based on our teams findings and recommendations.

Within 30 days of implementation, our average actual success rate increased to 74%, and with a daily high as high as much 84%. These numbers will continue to climb by using continuous discovery and human-centered design techniques. As you can see, not only does this improve the public’s experience of, but also has serious business impact - making our product more attractive to partners, and reducing our costs to proof users.

* Note: Actual is the percent of successfully proofed users who actually start the proofing process and complete all steps.

And we’re just getting started

In fiscal year 2021, we are expanding upon our work and continuing to build the best security user experience for the public. By taking a human-centered approach to our metrics, product iterations, and service design, we will continue to build an even better for everyone.

You can learn more by visiting our website.

Is your agency looking for a login solution for your online products and services? Visit

About the Author

Julia Solórzano  | U.S. General Services Administration

Julia Solórzano is the Branch Chief of User Experience for, where she leads a team of designers and developers to create secure and user-friendly identity solutions for federal agencies and the public. She has over twenty years of experience in design leadership, people management, user experience, web development, and open source projects.

Do you have a .gov or .mil email address and are looking to connect with other feds working on digital products and services? Join our Communities of Practice, such as User Experience, DevOps, Web Content Managers Forum, IT Accessibility and Section 508, MobileGov, and more! Explore’s Resources and Tools and Services for additional information and help.