Nearly half of the major Federal government agencies that use Login.gov have reported challenges involving technical issues such as not having visibility into authentications, high failure rates, and lack of fraud controls, a new report from the Government Accountability Office (GAO) says.
The Login.gov platform is administered by the General Services Administration (GSA) and acts as a “front door” to the Federal government, serving more than 50 agencies and nearly 300 million sign-ins annually since 2017.
According to the Oct. 16 GAO report, 21 of the 24 CFO Act agencies reported using Login.gov for identity proofing services. The Department of Housing and Urban Development, the Department of Justice, and the Nuclear Regulatory Commission are the three agencies that do not leverage Login.gov.
Notably, nine of those agencies that do use Login.gov identified technical issues with the identity-proofing platform.
For example, the Department of Labor (DoL) reported the lack of real time visibility into application authentications as being a major challenge. DoL noted that real-time visibility is essential for identifying and addressing potential security threats, performance issues, or compliance issues in a timely manner.
The Small Business Administration said that their public users experienced difficulties accessing and setting up Login.gov accounts, noting a 30 to 40 percent failure rate during account creation.
Further, the U.S. Agency for International Development reported that Login.gov’s authentication option that uses text messaging and phone calls is not available in some countries, which impacts their employees’ ability to access the agency’s Development Information Solution.
Officials at Login.gov – which is overseen by GSA’s Technology Transformation Service (TTS) program – said that they are communicating with agencies and taking steps to address the reported technical challenges. However, the affected agencies said that GSA has not yet provided solutions or timelines to address these challenges.
“Without GSA-proposed actions and time frames for addressing the challenges, agencies will continue to experience technical issues with the system,” the report says. The watchdog recommended that TTS propose actions to address the technical challenges for Login.gov and develop mutually agreed-upon time frames with the agencies for taking those actions. GSA agreed with this recommendation.
Agencies also reported benefits to using Login.gov, including cost savings and improved operations and user experience.
The GAO report – which was based off of interviews with agency officials in July 2024 – was also prodding GSA on its remote identity-proofing pilot program which launched in May and was completed last week.
GSA announced on Oct. 9 that Login.gov will now offer facial recognition technology to all of its partners as an identity verification offering.
Twelve agencies had cited Login.gov’s lack of alignment with National Institute of Standards and Technology’s (NIST) digital identity guidelines as a challenge, but during its pilot phase, the new facial recognition technology was independently certified to be in line with NIST’s Identity Assurance Level 2 (IAL2) requirements.
“We confirmed that GSA obtained the IAL2 certification and verified that the agency now considers the pilot complete,” the report concludes.
