Tuesday, January 30, 2018

It Looks Like The Big IT Of The DHS Are Struggling Again With The Little Things.

This appeared last week:

DHS offers one-time passcodes for myGov login

By Allie Coyne on Jan 23, 2018 2:52PM

Updated: But early reviews aren't good.

Australians can now continue using two-factor authentication on their myGov accounts when overseas or out of mobile range through new one-time access codes.
But early reaction to the service has not been as positive as the Department of Human Services might have hoped.
The myGov Access mobile app - available on Android and iOS as of last month - replaces the SMS code or secret questions and answers that have until now been required with a person's username and password to log into the online service portal.
The one-time codes address an issue with SMS two-factor authentication that meant users who were unable to receive an SMS based on their network coverage faced being locked out of their myGov account.
DHS previously advised users in such situations to switch off two-factor SMS authentication prior to entering an SMS dead zone. Login then reverts to requiring responses to security questions.
Once a person has been locked out of their account, they have no option but to create a new one - MyGov does not offer an account recovery feature - which has led to people operating multiple myGov accounts under the same name. 
The new myGov Access app is "ideal for people going overseas or where mobile reception is poor," according to the department.
The app creates a six-digit one-time code that can be used alongside a username and password to sign into myGov. A new code is created every 30 seconds and is valid for a maximum of 60 seconds.
The app can, however, only be used on one mobile device.
"If you change your device or want to delete the app, you must first go to your myGov account settings and change your sign in options," DHS says.
Uninstalling the app risks locking the user out of their account.
More of the gory details here:
https://www.itnews.com.au/news/dhs-offers-one-time-passcodes-for-mygov-login-481634
You really would think they would sort all this out before releasing it on an unsuspecting public.
Note, of course, that this gateway is the path to the myHR….
More work needed it would seem!
David.
at

2 comments:

  1. AnonymousJanuary 30, 2018 1:36 PM

    - MyGov does not offer an account recovery feature -

    That is appalling. mygov seems to have been designed by the same incompetents as did myhr. Someone should hit the government with a cluestick - very, very hard.

    ReplyDelete
  2. AnonymousJanuary 31, 2018 11:26 PM

    @ Anonymous Jan 30 1:36pm
    It was originally ausgov and designed by Dept of Finance & inherited by DHS. Sadly the "incompetents" as you describe them, as did PCEHR/mhHR had to work with what they were given.

    ReplyDelete