Remembering the password

I don’t know whether, like me, you find it difficult to remember all your passwords.  All sorts of websites demand nowadays that you should provide a secure password.  Passwords have got longer, more complex, and more convoluted.  Many people use passwords that are almost worthless in security terms, such as “password” or “12345”; many recycle the same password to several sites; some of us just forget what the password is and need numerous reminder; others write the password down and leave a note next to their computer.   So it’s not wholly surprising to be told  that when it comes to public services, people are having difficulties with security processes. Last week, Howard Shiplee, charged with Universal Credit,  told the Work and Pensions Committee that claims for UC couldn’t be digital by default because they couldn’t satisfy the elementary requirements of secure service delivery.  Jason Feeney, Benefits Director at the DWP explained that people were falling at the first hurdle in claims for Personal Independence Payment, because they couldn’t get past the security questions.

Mark Ballard, of Computer Weekly, pins part of the blame on the Cabinet Office, which has pressed digital by default services as a way of saving staff costs.  The Cabinet Office has been issuing bullish statements about its wonderful Identity Assurance Programme (IDA), which is supposed to offer secure online access:  “a simple, trusted and secure means of accessing public services”.  Ballard reads the abandonment of ‘digital by default’ in UC as a reflection on the effective failure of IDA.

I’m not a computer wonk, and I’ve only cast a cursory eye over the Government Digital Service’s Guide to Good Practice, published this month.  But if there was anything there about the experience of service users, quality of service, accessibility or citizenship, I missed it.

One comment

  1. Gareth Morgan (@gmorgan_ferret)

    I’ ve commented in other places before about the lunacy of the original intention to use Universal Credit as the first implementation of IDA. While something has to be first it was always bizarre to insert another point of failure into such a complex program.

    The original process was going to be even more tortuous than you point out. Claimants would have had to ‘assert their identity’ through one of a number of commercial ‘Identity Providers’ such as Experian, the Post Office, Verizon and others. They would have to satisfy whatever processes those companies put in place before they could be passed onto the DWP to claim Universal Credit. Presumably (one hopes) those companies would take some of the risk of identity fraud in return for their commercial services.

Leave a Reply