How many igovt IDs are real?

Department of Internal Affairs admits it doesn't know how many duplicate igovt logons are being created

How many "real mes" are there using the igovt identity management system?

As the Department of Internal Affairs and NZ Post ready the service for its transition to private-sector use under the RealMe rebranding later this year, DIA admits it doesn't know.

"As at the end of February [this year] 853,110 igovt logons had been created," says a DIA spokesman's emailed reply.

"Because of the privacy-protective design of the service, the igovt logon is not linked to identity information and there is no way to know how many users this indicates.

"The igovt identity verification service is the piece that links a credential (an igovt ID) to a person," the spokesman explains. "An igovt logon is a secure username and password for access to multiple online services."

A source close to the operation of the system has told Computerworld some people have as many as five different logon identifier-password pairs. These may have arisen deliberately, through users wishing to guard against the possibility of cross-matching of their identity between government agencies, but more often, we are told, duplication occurs simply through forgetfulness. If a user forgets their logon ID or password, it is less trouble to create a new one than to ask a helpdesk to remind them.

"The department discourages people having multiple igovt logons, due to the operational issues this causes for the user and the service they are trying to access," says the DIA spokesman.

"The benefit of the igovt logon service for the user is [in] only needing to remember one username and password."

When the expanded RealMe starts up and people with several igovt logons go to their NZPost outlet to get their RealMe credential, "the same process will take place as currently exists with the igovt identity verification service," DIA says.

"The user will have to choose one RealMe logon to link to their verified identity. This is the only RealMe logon they can use to prove information online. If they choose to have other RealMe logons for services that do not require identity information, they will still be able to use them for that purpose."

If a person has two or more igovt logons, says DIA "they can go to, click on 'Manage my logon' and combine the two logons into one, effectively choosing to replace one of the logons with the other, so they don't lose access to anything, and making it easier for them to remember their igovt logon. We encourage this in our communications to users."

There is currently no clean-up process for logons that were forgotten and are therefore no longer active, DIA says. "We may consider data cleansing in the future for logons that have not been used for a number of years. This is not a current requirement so the process around this has not yet been designed.

"We are considering the best process for deleting unused igovt logons. This would be likely to require a change to the current Terms and Conditions of the service and an email to the registered email address, asking if the logon is still required."

Join the CSO newsletter!

Error: Please check your email address.

Tags Government use of ITsecurityAccess control and authenticationgovernmentDepartment of Internal Affairs

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stephen Bell

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts