{ "version" : "https://jsonfeed.org/version/1", "content" : "news", "type" : "single", "title" : "Security is Everyone's Responsibility: Delivering Secure, Usable Login for Government |Digital.gov", "description": "Security is Everyone's Responsibility: Delivering Secure, Usable Login for Government", "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2021/03/02/security-is-everyones-job-delivering-secure-usable-login-for-government/index.json","item" : [ {"kicker" : "Privacy","title" :"Security is Everyone's Responsibility: Delivering Secure, Usable Login for Government","deck" : "How login.gov incorporated human centered design and continuous discovery into their product development process to improve the user experience.","summary" : "How login.gov incorporated human centered design and continuous discovery into their product development process to improve the user experience.","date" : "2021-03-02T10:28:00-05:00","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"julia-solorzano" : "Julia Solórzano"},"topics" : { "design" : "Design", "human-centered-design" : "Human-centered design", "privacy" : "Privacy", "research" : "Research", "security" : "Security", "user-experience" : "User experience" },"primary_image" : { "uid" : "login-gov-launch", "alt" : "", "width" : "600", "height" : "400", "credit" : "", "caption" : "", "format" : "png" },"branch" : "bc-archive-content-3", "filename" :"2021-03-02-security-is-everyones-job-delivering-secure-usable-login-for-government.md", "filepath" :"news/2021/03/2021-03-02-security-is-everyones-job-delivering-secure-usable-login-for-government.md", "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/news/2021/03/2021-03-02-security-is-everyones-job-delivering-secure-usable-login-for-government.md", "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/news/2021/03/2021-03-02-security-is-everyones-job-delivering-secure-usable-login-for-government.md","slug" : "security-is-everyones-job-delivering-secure-usable-login-for-government","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2021/03/02/security-is-everyones-job-delivering-secure-usable-login-for-government/","weight" : "1","content" :"\u003cp\u003eCreating easy-to-use online products and services is not something you read much about when referring to the government. In this blog post, I\u0026rsquo;ll share how the cross-functional teams on \u003ca href=\"https://login.gov\"\u003eLogin.gov\u003c/a\u003e designs and delivers human-centered experience to create a modern, secure, and impactful login service for the public.\u003c/p\u003e\n\u003ch2 id=\"what-is-logingov\"\u003eWhat is Login.gov?\u003c/h2\u003e\n\n\n\u003cdiv class=\"image image-right\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/login-lock-graphic_w200.png\" alt='An illustration of a gold padlock is surrounded by blue privacy and security icons.'\n srcset=\"https://s3.amazonaws.com/digitalgov/login-lock-graphic_bu.jpg 48w,https://s3.amazonaws.com/digitalgov/login-lock-graphic_w800.png 800w,https://s3.amazonaws.com/digitalgov/login-lock-graphic_w400.png 400w,https://s3.amazonaws.com/digitalgov/login-lock-graphic_w200.png 200w\"\n sizes=\"(max-width: 600px) 40vw, 400px\"\n /\u003e\u003c/div\u003e\n\n\n\u003cp\u003eTrusted by government agencies, Login.gov is a shared service used by the public. Our program\u0026rsquo;s mission is to simplify secure access to online government services for the public, and reduce costs for agencies and taxpayers. With one Login.gov account, the sign-in process is streamlined; the need to remember different passwords for each agency is eliminated.\u003c/p\u003e\n\u003ch3 id=\"security-experience\"\u003eSecurity experience\u003c/h3\u003e\n\n\n\u003cdiv class=\"image image-right\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/login-vault-door_w200.png\" alt='An illustration of a blue and red vault door has the red and white login.gov logo in the center.'\n srcset=\"https://s3.amazonaws.com/digitalgov/login-vault-door_bu.jpg 48w,https://s3.amazonaws.com/digitalgov/login-vault-door_w400.png 400w,https://s3.amazonaws.com/digitalgov/login-vault-door_w200.png 200w\"\n sizes=\"(max-width: 600px) 40vw, 400px\"\n /\u003e\u003c/div\u003e\n\n\n\u003cp\u003eTo create the best product possible, our subject matter experts (SMEs) on the team take our security experience of the product seriously.\u003c/p\u003e\n\u003cp\u003eWe do this by keeping a balance of privacy, usability, and trust. Our cross-disciplinary teams of engineering, product management and user experience (UX) work to ensure we deliver an easy to use service that is simple for agencies to integrate into their systems.\u003c/p\u003e\n\u003cp\u003eWe are also unique in that we are built to be for the government, but we are also the government ourselves. Our SMEs in authentication and identity verification management understand how the government works so that we can create products that best suit our partners—and ultimately the public\u0026rsquo;s—needs.\u003c/p\u003e\n\u003cp\u003eWhen it comes to our security experience, our encryption method works like a safe deposit box in a bank vault. Only the user has the key; only the user can open the box to reveal the contents.\u003c/p\u003e\n\u003ch3 id=\"authentication-and-identity-verification-services\"\u003eAuthentication and identity verification services\u003c/h3\u003e\n\u003cp\u003eLogin.gov has varying levels of service that we provide to our agency partners. The two that I’ll be referring to here are our authentication and identity verification services.\u003c/p\u003e\n\u003cp\u003eOur authentication service is to provide strong, modern authentication methods to the entire U.S. public. We do this by using modern security techniques, \u003ca href=\"https://digital.gov/topics/plain-language/\"\u003eplain language\u003c/a\u003e, and human-centered design.\u003c/p\u003e\n\u003cp\u003eIdentity verification refers to our online identity-proofing platform that allows our partner agencies to verify that their users are who they say they are, wherever they are; whether it’s from the convenience of their own home, or on the go with a mobile device. \u003c/p\u003e\n\u003ch2 id=\"creating-a-human-centered-approach-to-our-process\"\u003eCreating a human-centered approach to our process\u003c/h2\u003e\n\u003cp\u003eLogin.gov has actively been incorporating human-centered design into our delivery process to include continuous discovery and create impact. Here are a few specific ways in which the team has collaborated to create an optimal security user experience for the public.\u003c/p\u003e\n\u003ch3 id=\"continuous-and-iterative-user-feedback-loops\"\u003eContinuous and iterative user feedback loops\u003c/h3\u003e\n\u003cp\u003eUsability testing is a priority when trying to obtain information directly from the public and get feedback about their experiences with our product. We use online tooling to test our concepts directly with users and quickly iterate on our designs. Within 30 minutes (or sometimes less!) we are able to get the public’s direct feedback on our new concepts and ideas. This helps to ensure we are making the best product possible for the public.\u003c/p\u003e\n\u003ch3 id=\"performing-cross-disciplinary-ideation-sessions\"\u003ePerforming cross disciplinary ideation sessions\u003c/h3\u003e\n\u003cp\u003eWe’ve also incorporated remote \u003ca href=\"https://methods.18f.gov/\"\u003ehuman-centered design methods\u003c/a\u003e to perform cross disciplinary ideation sessions for convergent and divergent thinking. Bringing together engineers, product managers and user experience subject matter experts to ideate has been beneficial to creating new, enriching concepts for Login.gov products and services. It has also been a great way for our team to bond and get to know how we all think and work.\u003c/p\u003e\n\u003ch3 id=\"working-transparently\"\u003eWorking transparently\u003c/h3\u003e\n\u003cp\u003eWe ensure that all members of the Login.gov team are aware of user experience methods that are happening around the program (e.g., user interviews) and invite them to join. This can be done by joining various meetings (e.g., engineering weekly) for feedback on concepts and watching user interviews together over a conference call.\u003c/p\u003e\n\u003ch2 id=\"case-study-increasing-our-identity-verification-proofing-rates\"\u003eCase study: Increasing our identity verification proofing rates\u003c/h2\u003e\n\u003cp\u003eNow that you know a bit more about what Login.gov is and how we work, I’d like to outline a case study of how we put our methods into practice to increase our proofing rates for our identity verification service.\u003c/p\u003e\n\u003ch3 id=\"creating-user-flows-for-ial2\"\u003eCreating user flows for IAL2\u003c/h3\u003e\n\u003cp\u003eIdentity verification, also referred to as \u003ca href=\"https://pages.nist.gov/800-63-3/sp800-63-3.html\"\u003eIdentity Assurance Level 2 NIST\u003c/a\u003e standard (also known as IAL2), has been a big focus area for the past year. We’ve been actively working on how to better understand when and where to improve our flows so that users are securely verified with as little burden to them as possible.\u003c/p\u003e\n\u003ch3 id=\"performing-usability-testing-on-new-concepts\"\u003ePerforming usability testing on new concepts\u003c/h3\u003e\n\u003cp\u003eAfter creating these flows, we targeted the image capture portion of the flow and how we could better enhance the experience to better meet the public’s needs. There were a few updates to the flow that we made, based on feedback we received from our study:\u003c/p\u003e\n\u003cul\u003e\n\u003cli\u003eBeing on mobile, having large, easy to click areas is important when creating a quality user experience. We decided to make the entire “Photo” box clickable, which tested well! \u003c/li\u003e\n\u003cli\u003eWe also decided to use more plain language to describe the interactions required for verification. For example, this screen asked for the user to take a “selfie” of themselves. Now, some folks on this call may know what a “selfie” is, but that is an assumption we knew we could not make for the public’s understanding of this term. Therefore, we changed the language to read, “Take a photo of yourself.”\u003c/li\u003e\n\u003c/ul\u003e\n\u003ch3 id=\"removing-confusing-steps-in-the-process\"\u003eRemoving confusing steps in the process\u003c/h3\u003e\n\u003cp\u003eWe also heard from users that certain screens were unhelpful or unuseful in the proofing process. For example, this screen appeared when the user had only made it through two of the steps BUT had not completed the proofing process.\u003c/p\u003e\n\n\n\n\n\n\n\n\u003cdiv class=\"image\"\u003e\n \u003cimg\n src=\"https://s3.amazonaws.com/digitalgov/logingov-screenshot.png\"alt=\"A screenshot of a login.gov verification page reads, We\u0026#39;ve verified your social security number and state-issued ID. It has a large blue button to continue, and a small text link to cancel.\"/\u003e\u003c/div\u003e\n\n\n\u003ch3 id=\"increased-to-60-proofing-success-rates-in-two-weeks\"\u003eIncreased to 60% proofing success rates in two weeks\u003c/h3\u003e\n\u003cp\u003eWe implemented the recommendations that were based off of our usability testing and saw our actual* proofing rates increase from 51% to 60% within two weeks. This was a remarkable outcome for us to see after making a few incremental changes to improving our service, based on our teams findings and recommendations.\u003c/p\u003e\n\u003cp\u003eWithin 30 days of implementation, our average actual success rate increased to 74%, and with a daily high as high as much 84%. These numbers will continue to climb by using continuous discovery and human-centered design techniques. As you can see, not only does this improve the public’s experience of Login.gov, but also has serious business impact - making our product more attractive to partners, and reducing our costs to proof users.\u003c/p\u003e\n\u003cp\u003e\u003cem\u003e* Note: Actual is the percent of successfully proofed users who actually start the proofing process and complete all steps.\u003c/em\u003e\u003c/p\u003e\n\u003ch2 id=\"and-were-just-getting-started\"\u003eAnd we’re just getting started\u003c/h2\u003e\n\u003cp\u003eIn fiscal year 2021, we are expanding upon our work and continuing to build the best security user experience for the public. By taking a human-centered approach to our metrics, product iterations, and service design, we will continue to build an even better Login.gov for everyone.\u003c/p\u003e\n\u003cp\u003eYou can learn more by visiting our \u003ca href=\"https://www.login.gov\"\u003eLogin.gov website\u003c/a\u003e.\u003c/p\u003e\n\u003cp\u003eIs your agency looking for a login solution for your online products and services? Visit \u003ca href=\"https://partners.login.gov\"\u003epartners.login.gov\u003c/a\u003e.\u003c/p\u003e\n\u003ch2 id=\"_about-the-author_\"\u003e\u003cem\u003eAbout the Author\u003c/em\u003e\u003c/h2\u003e\n\n \u003ch3\u003e\n Julia Solórzano\n \u0026nbsp;|\u0026nbsp;U.S. General Services Administration\u003c/h3\u003e\n \u003cp\u003e\n Julia Solórzano is the Branch Chief of User Experience for Login.gov, where she leads a team of designers and developers to create secure and user-friendly identity solutions for federal agencies and the public. She has over twenty years of experience in design leadership, people management, user experience, web development, and open source projects.\n \u003c/p\u003e\n\u003chr\u003e\n\u003cp\u003e\u003cem\u003eDo you have a .gov or .mil email address and are looking to connect with other feds working on digital products and services? Join our \u003ca href=\"https://digital.gov/communities/\"\u003eCommunities of Practice\u003c/a\u003e, such as User Experience, DevOps, Web Content Managers Forum, IT Accessibility and Section 508, MobileGov, and more! Explore Digital.gov’s \u003ca href=\"https://digital.gov/resources/\"\u003eResources\u003c/a\u003e and \u003ca href=\"https://digital.gov/services/\"\u003eTools and Services\u003c/a\u003e for additional information and help.\u003c/em\u003e\u003c/p\u003e\n"} ] }