The Government Digital Service (GDS) has rewritten its guidance on authentication for online services.
It has updated the GPG 44 document for the first time since 2014, taking account of the development of two-factor authentication and refreshing parts that were regarded as outdated.
Tom Hughes, senior content designer for digital identity at GDS, said it has also placed the emphasis on plain English, provided more explanations on why elements should be followed, and made the guide available as an HTML publication, as well as in PDF format, to make it more accessible and compliant with open standards.
“We know that service teams know a lot more about the needs of their service than we do. Instead of just telling service teams what to do, we now give them enough information about authentication to be able to make decisions for themselves,” Hughes said.
He also clarified the distinction between authentication – the way a user signs into an online service – and identity verification for proving an identity. Guidance on the latter was updated last year.
GDS has also worked on adding new guidance to the Service Manual for public services on checking users’ identities.
Hughes said it plans to carry out more work on guidance to support the growth of digital identity across the UK.