GOV.UK Verify

[Abarbarian]

UK Becomes the First Government to Offer Secure Online Identities Based on FIDO U2F Standards

STOCKHOLM & AMSTERDAM, March 23, 2016 – Yubico, the leading provider of simple, open and strong authentication, and Digidentity, a leading identity service provider, today announced a partnership to enable FIDO Universal 2nd Factor (U2F) authentication and YubiKeys for UK government services. The joint solution allows all UK citizens to easily and securely access GOV.UK Verify digital public services.

Compromised online identities have reached a level that has exposed the weaknesses in usernames and passwords as well as traditional software security solutions. Government services around the world have a growing demand for strong two-factor authentication, but traditional hardware technologies have been too costly and complicated to scale for most countries and internet users.

The new open authentication standard FIDO U2F changes that model. Successfully deployed and supported by leading commercial service providers, including Gmail and Dropbox, FIDO U2F is now also supported in UK government services, including for identity assurance.

More here

https://www.yubico.com/why-yubico/for-businesses/authentication-solutions/gov-uk-verify-digidentity/

https://www.gov.uk/government/publications/introducing-govuk-verify/introducing-govuk-verify

GOV.UK Verify is the new way to prove who you are online.

It gives safer, simpler and faster access to government services like filing your tax or checking the information on your driving licence.

 

[nivrip]

Are you sure it's not for dogs.

 

[muckshifter]

I recently had to deal with GOV.UK ... had to "sign up" for the "site" of which I had to wait 3days (it took 4) for my password and authentication code to arrive in the post, in two separate letters. Is that the same thing?

... and that was the "quick" way!

 

[Abarbarian]

I recently had to deal with GOV.UK ... had to "sign up" for the "site" of which I had to wait 3days (it took 4) for my password and authentication code to arrive in the post, in two separate letters. Is that the same thing?

... and that was the "quick" way!

I guess so. The Gov link I posted gives pretty clear information about the scheme.

 

[Ian]

Really pleased to see they're doing this - I noticed when I logged in to HMRC's website that they had enabled 2FA, I wonder if that was this initiative.

It makes so much sense - I've got 2 factor authentication enabled almost anywhere I can. It makes things far more secure than just a standard username/password combo.

 

[Abarbarian]

Really pleased to see they're doing this - I noticed when I logged in to HMRC's website that they had enabled 2FA, I wonder if that was this initiative.

It makes so much sense - I've got 2 factor authentication enabled almost anywhere I can. It makes things far more secure than just a standard username/password combo.

Well if you are using your phone for 2 factor then it is not really that safe is it. If using some other method of 2 factor then you would be a lot safer.

 

[Ian]

Perhaps not as much as some of the other methods (although phones can use biometric data to unlock), but much better than the username/password only they had before . Certainly a good direction to go in.