As times change and as a function of the pandemic response, governments are trying to deliver more services online. Unfortunately, governments rarely get to hire the best or the brightest software developers or security architects because they cannot match what the private sector can offer.
Auth0 recently released the findings of its Public Sector Identity Index. Here are some of their findings.
The first question is how do citizens authenticate themselves to your digital services.
Not surprisingly, the overwhelming answer was userid and password, probably the least secure method possible other than no authentication at all.
While the report says that a little more than 60% use two factor authentication, it is less clear to me whether that means that the site OFFERS 2FA or the site REQUIRES 2FA. Google, for example, offers it but at the moment, for the most part, does not require it. The results include responses from not only U.S. IT and business leaders, but also those in the U.K., Australia and New Zealand. Different countries probably have different adoption rates.
So what are some of the key findings?
- Less than one in five are extremely confident in the security of their current authentication solution.
- Four in ten are building their own identity authentication solution. I am sure they will do that perfectly and securely. NOT!
- Most (75%) plan to expand their digital offerings over the next couple of years and almost the same number are concerned about citizens’ privacy as well.
If we just look at U.S. responses, ensuring that citizens trust their government’s digital services comes in at 71%, but only 56% of those same people have confidence in their ability to deliver it.
Forrester says that what the public sector does is hugely important because it makes up 30% of the global GDP. Credit: Helpnet Security