Skip to the content

Follow us @UKAuthority

GDS updates guidance on authentication


Mark Say Managing Editor

The Government Digital Service (GDS) has rewritten its guidance on authentication for online services.

Male head in silhouette

It has updated the GPG 44 document for the first time since 2014, taking account of the development two-factor authentication and refreshing parts that were regarded as outdated.

Tom Hughes, senior content designer for digital identity at GDS, said it has also placed the emphasis on plain English, provided more explanations on why elements should be followed, and made the guide available as an HTML publication, as well as in PDF format, to make it more accessible and compliant with open standards.

“We know that service teams know a lot more about the needs of their service than we do. Instead of just telling service teams what to do, we now give them enough information about authentication to be able to make decisions for themselves,” Hughes said.

He also clarified the distinction between authentication – the way a user signs into an online service – and identity verification for proving an identity. Guidance on the latter was updated last year.

GDS has also worked on adding new guidance to the Service Manual for public services on checking users’ identities.

Hughes said it plans to carry out more work on guidance to support the growth of digital identity across the UK.

Image by Simon Waldherr, Creative Commons through Wikimedia

Register: Library & Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.