John Fontana|

UK First Government To Offer U2F-Secured Digital ID

The UK has spent the past five years on a digital transformation that is setting a world standard for how citizens securely interact with government online services.

The UK’s Government Digital Service (GDS), which came online in 2011, will add in a few weeks a new verification service called GOV.UK Verify to this impressive project.

Digidentity is one of the original identity providers (IdP) for GOV.UK Verify and will offer support for the YubiKey and the Universal 2nd Factor (U2F) protocol. UK citizens can now use a YubiKey as a second authentication factor to access their Digidentity accounts, while the country rolls out the first government service in the world to support U2F.

This is an important milestone for both citizens and governments looking to leverage identity data to secure services while safeguarding privacy. The combination of secure authentication and federation/single sign-on is required for digital services to scale.

GOV.UK Verify uses a host of identity providers who validate a citizen’s personal data, store that data, and verify the user is who they say they are when they attempt to access government digital services. The IdPs are part of an identity federation established as part of GDS.

The GOV.UK Verify program has been running in beta for the past 18 months. The program supports 13 services spread over five government departments, but it will have 50 services and 10 departments signed up when GOV.UK Verify goes live in early April. The service will support 90% of the UK’s adult population, according to the UK government.

“UK citizens can easily purchase a FIDO U2F device online and register it with Digidentity,” says Marcel Wendt, Digidentity CTO and co-founder. “With a quick online process, the user’s identity is verified and tied to the U2F device, and the data is encrypted to safeguard a user’s privacy.”

Today, verifying identity is mostly done via manual processes, such as asking people to send identity evidence via snail mail or show ID in-person at a counter service. Those are cumbersome and time-consuming tasks for people needing access to online services using their digital identity credentials.

To authenticate to GOV.UK Verify using Digidentity with FIDO U2F, the user inserts a U2F YubiKey device into their computer’s USB port, and then touches the device. There are no drivers or client software to install. Later this year, U2F authentication via Near Field Communication (NFC) and Bluetooth will be supported by Digidentity for secure login from mobile devices.

Digidentity’s ground-breaking IdP service with strong authentication is another example of how Yubico helps secure online identities and innovates to make those identities easier to use and and available to everyone.