Government Login System; A Critical Business.

/in , /by

Website, an ultimate tool to match and keep-up with the ever-growing market. What makes it so special? The architecture? The feel? The Service? Or the ability to take control as per our convenience? Be it a personal website or a government website. Every website demands for security, especially those involving transactions.

Federal Agency’s website is always on the front lines when it comes to deliver services to the public. Majority of American Population go online to seek government services. According to the survey, the Research Center estimated that 82% of the U.S. Internet users search for information and complete a transaction on a government website, including 40% of those via smartphones. So, the utmost important ingredient here is; Security.

What makes a website secure? Yes the Login Portal to authenticate users. But Federal Agencies have their own protocol, therefore individuals who want to access government applications and services generally must create a username and password for each agency site they visit. And agencies maintain their own identity management systems to authenticate users. This approach invites data redundancy: Same user maintains multiple passwords whilst the government maintains multiple systems for managing credentials. Security suffers as well; weak and stolen passwords rank among the top ways an online system can be compromised.

In response, the federal government has been moving toward an identity management approach that will let people use the same credential to conduct business with multiple agencies, thereby creating a common mechanism for transmitting identity information and introducing stronger authentication. “The usability of secure identity solutions is something that the market has been struggling to improve for years,” said Jeremy Grant, senior executive adviser for identity management at the National Institute of Standards and Technology. “We’ve had no problem developing ‘secure’ identity technologies, but if people don’t use them, then they really don’t offer much security.”

Since the passage of the E-Government Act of 2002, myriad federal services have emerged online. A 2014 Government Accountability Office report noted that agencies operate more than 11,000 websites. As more people make the Web their default choice for government interactions, the need to provide safe access has become even more important. The sharp rise in the use of mobile devices to access federal websites adds another dimension to the security challenge. The White House’s 2012 Digital Government Strategy states that “policies governing identity and credential management may need to be revised to allow the introduction of new solutions that work better in a mobile world.”

In 2009, the White House published a Cyberspace Policy Review that included the need to create a “cybersecurity-based identity management vision and strategy” on a list of 10 action items. That paper led to the launch in 2011 of the National Strategy for Trusted Identities in Cyberspace, which works with private- and public-sector entities to support the development of interoperable identity credentials. That move set the stage for a cloud-based, federated identity management solution.

A NIST-managed National Program Office coordinates NSTIC activities. The office collaborated with the General Services Administration to draft the requirements for the Federal Cloud Credential Exchange and awarded a contract to SecureKey Technologies in 2013 to create the exchange. FCCX was designed to let people use third-party credentials to access federal services online. In addition to improving the user experience, the governmentwide exchange would help agencies sidestep the cost of credentialing the same person numerous times.

FCCX is now known as Connect.gov and falls under the auspices of GSA. The program allows people to use digital credentials provided by government-approved sign-in partners to confirm their identities when requesting access to online government services. When they log in, users consent to share what Connect.gov describes as a “limited set of personally identifiable information.” Connect.gov then serves as the pipeline for transmitting identity information from the sign-in partner to the agency’s online application.

Editor’s Note: Ideas inspired from;

John, Moore. “How many parties does it take to provide a single government login?– FCW.”

FCW. N.p., 22 May 2015. Web. 26 Nov. 2015.