How many "real mes" are there using the igovt identity management system?
As the Department of Internal Affairs and NZ Post ready the service for its transition to private-sector use under the RealMe rebranding later this year, DIA admits it doesn't know.
"As at the end of February [this year] 853,110 igovt logons had been created," says a DIA spokesman's emailed reply.
"Because of the privacy-protective design of the service, the igovt logon is not linked to identity information and there is no way to know how many users this indicates.
"The igovt identity verification service is the piece that links a credential (an igovt ID) to a person," the spokesman explains. "An igovt logon is a secure username and password for access to multiple online services."
A source close to the operation of the system has told Computerworld some people have as many as five different logon identifier-password pairs. These may have arisen deliberately, through users wishing to guard against the possibility of cross-matching of their identity between government agencies, but more often, we are told, duplication occurs simply through forgetfulness. If a user forgets their logon ID or password, it is less trouble to create a new one than to ask a helpdesk to remind them.
"The department discourages people having multiple igovt logons, due to the operational issues this causes for the user and the service they are trying to access," says the DIA spokesman.
"The benefit of the igovt logon service for the user is [in] only needing to remember one username and password."
When the expanded RealMe starts up and people with several igovt logons go to their NZPost outlet to get their RealMe credential, "the same process will take place as currently exists with the igovt identity verification service," DIA says.
"The user will have to choose one RealMe logon to link to their verified identity. This is the only RealMe logon they can use to prove information online. If they choose to have other RealMe logons for services that do not require identity information, they will still be able to use them for that purpose."
If a person has two or more igovt logons, says DIA "they can go to www.i.govt.nz, click on 'Manage my logon' and combine the two logons into one, effectively choosing to replace one of the logons with the other, so they don't lose access to anything, and making it easier for them to remember their igovt logon. We encourage this in our communications to users."
There is currently no clean-up process for logons that were forgotten and are therefore no longer active, DIA says. "We may consider data cleansing in the future for logons that have not been used for a number of years. This is not a current requirement so the process around this has not yet been designed.
"We are considering the best process for deleting unused igovt logons. This would be likely to require a change to the current Terms and Conditions of the service and an email to the registered email address, asking if the logon is still required."