Identity Management

Login.gov moving ahead

On its final full day, the Obama administration moved ahead with a project to establish a single login for access to federal government online services.

The Login.gov project, run by the General Services Administration's 18F innovation group, is envisioned as a "shared authentication platform" that gives individuals personal accounts for accessing government services and allows agencies the option of using the authentication platform as a shared service, rather than building or contracting for their own sign-on technology.

GSA published a revised systems of records notice for the Login.gov system on Jan. 19. The agency is accepting comments on the plan through Feb. 21 before the notice takes effect and the system can go live if the developers are ready.

Login.gov represents the culmination of efforts across federal agencies throughout the Obama administration. An effort called the National Strategy for Trusted Identities in Cyberspace -- now dubbed the Trusted Identities Group -- gave grants to researchers and companies looking to develop secure, user-friendly ways to authenticate individual web users. As of the end of FY2016, the effort, housed at the National Institute of Standards and Technology, involved more than 170 organizations and led to the development of 14 solutions.

The Login.gov user accounts will have two levels of security, depending on the government service being accessed. The first authentication level uses an email address, password and a phone number. The higher level includes full name, address, date of birth and Social Security number.

The system will leverage multiple private-sector services to confirm user identities based on this data. For instance, the effort could leverage the work of the FIDO Alliance (for Fast IDentity Online), which has brought together a wide range of firms from the financial, online services, hardware, software and security sectors to collaborate on open standards for identity proofing.

If any third-party ID system can't verify a user by matching name, address and Social Security number info, Login.gov can request more user data. The records notice specifies that any of the additional data, perhaps in the form of authentication questions and responses, will not be saved by Login.gov "after the user logs off."

Data in the system is encrypted, and the records notice specifies that "neither the system nor the system operators" can access the name/address/SSN data on a user account "without the user supplying a password or recovery code."

The effort to scale up secure access to government services figured into the report of the Commission on Enhancing National Cybersecurity, which called for the next administration to "require that all Internet-based federal government services provided directly to citizens require the use of appropriately strong authentication."

That report called for secure online access to services related to taxes, immigration, border entry and exit, Social Security accounts, passports and health care programs administered by the Centers for Medicare and Medicaid Services. This is an ambitious call. The IRS and the Social Security Administration in particular have been bedeviled by problems involving both the usability and the misuse of public-facing systems that require authentication.

"The Commission believes strongly that if government requires strong authentication, the private sector will be more likely to do the same," the report stated.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.