Authentication and the alternative to portals
Written by Salman Chaudhri & Kirsty Sinclair
Over a year ago, Carrie wrote a blog post about whether councils should invest in clunky, expensive ‘citizen account’ products, or (shudder) ‘portals’.
The short answer is no.
As Carrie explained:
“The main problem is that the products being sold as citizen portals are not intuitive for users and are designed around business processes, not user needs.”
But with many councils continuing to look for help in connecting their residents with the various services they need, what’s the alternative?
If government works well it should be largely invisible
For the majority of the population, interactions with their council are few and far between — you might take a look at the website when you first move into the area, or pay your council tax or (maybe) arrange to get a new recycling bin.
People don’t want to spend hours online dealing with their council. They want to get things done as quickly and with as few barriers as possible.
At FutureGov we’re constantly doing research with a broad range of users across different local authorities for services. A regular frustation we’ve seen is people having to register for an account just to complete a simple transaction that they may only do once.
Any point of friction in these types of interactions potentially means that people have to pick up a phone and call the council. This creates more workload for customer service staff and increases the cost of running these services.
To ‘login’ or not to ‘login’
In our recent work, we’ve taken a step back to try to understand what the end goals of people visiting council websites are. As always, understanding user needs first. We’ve also been looking at how much data people need to provide in order to complete different types of transactions.
We’ve found that once you identify the information needed for different types of transactions it’s possible to strip back which services really need a ‘login’.
Teams can then design suitable levels and methods of authentication. This includes traditional username-and-password but also considers alternatives for less accessed council services so that friction can be reduced.
Alternatives to traditional username and password authentication
It’s important to think about alternatives to a username and password authentication approach. People are more likely to forget these details when they have little interaction with their council, and they’re not as safe as we’ve previously thought.
We’ve been exploring how to make authentication easier for people, using pre-existing unique identifiers — providing a link between them, their data and their council.
This may sound a bit technical but here’s an example. In this scenario an individual can use two simple yet different approaches to prove who they are when using council services.
The scenario: Someone wanting to make a change to their personal details with the council so that their information is up to date.
This is a simple transaction but people still expect to complete some form of verification before a change is made to their council’s records.
Verification Method #1: Two Factor Authentication
When someone submits a change in the personal details, they would be asked to provide a current phone number, or any prefered method of contact. This allows them to receive a one-time short code to complete a two-stage verification process. Such a verification process allows the council to be able to combine a phone number to a location — allowing for future verification to be made easier.
Verification Method #2: Known Facts about You
If the person does not wish to provide the number, then existing information can be used to provide a series of multiple choice questions to verify themselves. The questions would be unique to that specific person such as what is their direct debit date, last council tax bill attributed to the property, etc. Using known facts as a verification method is commonly used with telephone banking.
We’ve tested both of these alternative types of verification with people. The consensus was that both verification methods are increasingly becoming more familiar with respect to day-to-day experiences. An important factor is being able to have a choice on how to verify. People have different needs when it comes to privacy, and the verification methods we design should reflect this.
There’s no one size fits all
As we’ve shown, a different, more nuanced approach to authentication can save councils money in the long run. By focusing on making the transactions that apply to most people as seamless as possible, it can help to reduce additional support i.e. the number of phone calls and face to face contact.
There’s an opportunity to fix low level transactions first, in a way that is more open. This can then allow for building verification for more secure or complex transactions when needed. It also supports more automated council transactions (making better use of shared data) that meet everyone’s needs and creating sustainable services.
We’ll be continuing to explore and test how we can better open up services in councils, while still providing the relevant level of security where needed. This also means helping people to understand what an account means and when authentication is necessary.
