Login.gov: Improving Government CX with SSO
John Franklin
We have long since passed the point where simple passwords are a sensible way of logging into a site. Between phishing and social engineering, brute force attacks, and poor quality passwords – the humble username and password is no longer secure. Users, if they’re doing it “right”, need to maintain long lists of passwords in password managers or (gasp!) write them down, and never use the same one twice.
The discussion will walk through the issues with passwords alone, and how other mechanisms can improve security for the platform, including using SSO (single sign-on) & various MFA solutions such as TOTP and PIV. We will then segue into Login.gov and how the federal government is setting this up as an SSO solution for federal websites to improve the CX for citizens engaging a wide variety of federal programs websites, protect citizen’s data, and make it easier to comply with federal authentication policy.
We will then show how a Drupal website can leverage the Login.gov module to integrate with Login.gov and talk about the CX and security ramifications.
Finally, we'll demo the module and discuss how agencies can and do use Login.gov today.
We have long since passed the point where simple passwords are a sensible way of logging into a site. Between phishing and social engineering, brute force attacks, and poor quality passwords – the humble username and password is no longer secure. Users, if they’re doing it “right”, need to maintain long lists of passwords in password managers or (gasp!) write them down, and never use the same one twice.
The discussion will walk through the issues with passwords alone, and how other mechanisms can improve security for the platform, including using SSO (single sign-on) & various MFA solutions such as TOTP and PIV. We will then segue into Login.gov and how the federal government is setting this up as an SSO solution for federal websites to improve the CX for citizens engaging a wide variety of federal programs websites, protect citizen’s data, and make it easier to comply with federal authentication policy.
We will then show how a Drupal website can leverage the Login.gov module to integrate with Login.gov and talk about the CX and security ramifications.
Finally, we'll demo the module and discuss how agencies can and do use Login.gov today.