How the VA’s adoption of Login.gov is going

Getty Images

Natalie Alms By Natalie Alms,
Staff Reporter, Nextgov/FCW

By Natalie Alms

|

The agency is standing up in-person identity proofing to help veterans who struggle to go through the identity proofing process online because of a lack of connectivity or existing digital credentials.

The Department of Veterans Affairs has made progress implementing Login.gov as an identity proofing and sign-on tool for patients and beneficiaries, although the work of migrating existing users from its legacy systems and offering more accessible options for identity proofing and multi-factor authentication is still to come.

The effort has financial backing from the Technology Modernization Fund, which awarded the project around $10.5 million in April.

Login.gov, a shared service fielded by f the General Services Administration, started out as a sign-on service for agencies, and has since expanded to offer identity proofing capabilities. The service is the recipient of its own $187 million TMF award.

So far, several thousand VA users have already moved to Login.gov. The department added Login.gov to VA.gov, the department's main landing page for veterans, in March, John Rahaghi, digital services expert at the VA, told FCW. It's currently offered on many, but not all, VA online services and platforms. 

Currently, the VA is still offering two legacy options and ID.me, an identity verification company thrust into the spotlight earlier this year after the IRS received criticism for using the company's facial recognition features. The VA does not use facial recognition with ID.me, said Rahaghi.

Eventually, the VA's will sunset the legacy credentialing options, although they will still be available in the short term. 

"Having Login.gov as that modern secure government credential is a big step because it allows the VA… not have to rely on or maintain the other government credentials that are not as easy to use or as secure as Login.gov," Rahaghi said. "This is the government providing a service that is on par with anything you could find in the commercial sector or better."

The agency doesn't have any plans currently to move away from ID.me, said Rahaghi, but how many options the department wants to offer "is something that we are looking at, and we're again continually evaluating what is going to make the most sense for us as we move forward."

Now, the VA will be using TMF funding to address three specific challenges with migrating to Login.gov. So far, the VA hasn't spent any of that funding, according to Rahaghi.

The first TMF project is moving users that have already been identity proofed through a legacy option called My HealtheVet, a personal health record service at the VA, to Login.gov.

There are around 200,000 people eligible to be moved, and the VA is hoping to pilot an effort at the end of the year to ask if those people want to be moved to Login.gov, said Rahaghi, who pointed out that the process will benefit the Login.gov team in addition to these individuals by giving them new, already-proofed users. 

The VA is also standing up an in-person identity proofing option through the network of VA facilities, something that will be helpful for people who struggle to go through the identity proofing process online because of a lack of connectivity or existing digital credentials.

"They could go into a VA facility, work with a My HealtheVet coordinator and then walk out with an identity proofed Login.gov account that they could then use when they're at home," said Rahaghi.

The third project is focused on multi-factor authentication, specifically a pilot with security keys that could be used by people that might otherwise struggle with multi-factor authentication. 

Related articles

GSA looks to scale Login.gov with TMF award

TMF announces first-ever investment in VA to support transition to new sign-in service

IRS leader explains why the IRS went to ID.me 

In terms of what the VA's move to Login.gov means for the Login.gov service itself, GSA is already aiming to scale adoption of the service. But some agencies have said that the fact that the service doesn't currently offer digital identity proofing at a certain level, identity assurance level 2, as laid out by guidelines from the National Institute of Standards and Technology has been a blocker for adopting the service. 

Rahaghi previously worked in the U.S. Digital Service as the privacy and security product owner for Login.gov for about one year before and one after the service's launch. He said that the identity assurance level standard offered by Login.gov was "absolutely a consideration" at the VA. 

"We are always looking, as we know the Login team is and really every agency, trying to figure out how to balance the right usability, security, compliance, privacy, fraud mitigation, accessibility - there's a lot of factors," said Rahaghi.

"We need to meet users where they are, so even if the latest and greatest so-to-speak identity proofing technology is in place, that doesn't mean we're going to be able to adopt it at VA right out of the gate," he continued. "We have to consider what user base we have and what users are going to be challenged with… We always want to maintain the highest level of compliance of course, we just have to have a pathway ourselves to get there. So that's how we've been approaching it."

Rahaghi said that the tightrope of balancing accessibility with security comes up "often" at the VA, pointing to the implementation of multi-factor authentication, something mandated by the cybersecurity executive order issued last year.

The VA is implementing multi-factor authentication, but "we still don't have all of our users adopting multi-factor yet because we know that that would lock them out of their accounts," he said. "We need to make sure that we maintain accessibility for our users to their products and services that they depend on."

NEXT STORY: Bill Foster talks digital identity

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.