Skip to content.
|Networking government in New Zealand.
 
You are here: Home » Services » Authentication » authentication-preview » Online authentication - FAQs

Online authentication - FAQs

Frequently asked questions

If you have a question about online authentication for e-government please email authentication@ssc.govt.nz. Answers to questions of common concern will be added to this page.

Does this mean I will have to carry around an identity card to access online government services?

No. None of the conceptual models require an identity card.

What safeguards are there?

Registering to obtain electronic credentials to use secure online services will involve a thorough check of your identity, so that we can be sure you are who you say you are. In all of the conceptual models the enablement code, which allows you to set up your username and password, will be sent to you in a secure way. The combination of a username and password is already widely used for access to secure online services, such as Internet banking. In addition, any information travelling across the Internet between your computer and the government agencies you deal with securely online will be encrypted.

Will I have to use online authentication?

If you want to use secure online services you will have to use online authentication.

How soon will all this happen?

Government will make a decision on the approach to online authentication by mid-2003 and implementation will follow.

Who makes the decisions?

Cabinet will decide the approach to online authentication across government based in part on the comments you provide to the consultation paper. Cabinet will also consider the implications for agencies, such as the cost of providing the preferred solution.

What is the difference between ‘registration’ and ‘enrolment’?

None. Registration and enrolment are two words that mean the same thing in this context.

Will I have to go through a long-winded registration process each time I want to use a service?

No. You register once to use a service or a range of services. Registration is the first step in the authentication process that establishes the authenticity of your identity. Once your identity has been authenticated, you can use your credentials (usually a username and password) each time you want to access the online government service.

Does this mean government agencies are going to share my personal information?

In Models One and Three identity and service-delivery information is passed between the authentication agency and the service agency. In none of the models is information exchanged without your consent. No information is exchanged without your say so between authentication agencies or between service agencies.

Why does it sound so complicated?

In the consultation document we talk in some detail about what happens in the background so that you can understand how your information is being handled and protected and how agencies might work together. You do not need to understand this level of detail to use a secure online government service.

Once you have your credentials, it is very easy to access secure government online services. You just provide a username and password. Getting the credentials in the first place can seem fairly complicated, but each of the steps is designed to protect your privacy and ensure you can deal securely with government agencies online.

Will I get my credentials immediately?

The first time you want to use a secure online government service you will have to wait perhaps a few days before you get your credentials. Credentials are issued only after a thorough check to ensure your identity is authentic. This cannot be done completely online, and may involve someone phoning you to check your details. If everything checks out you will be sent an enablement code which may be posted to your address. Using a postal address rather than an email account is one of several security measures designed to protect your personal information.

How will an agency know that it is me sitting at the computer and not someone pretending to be me?

Your credentials identify you uniquely, which is why you must not share your credentials with anyone else. When they are used to access a secure online service, the agency knows it should be you because you are the only one that knows your username and password.

What happens if someone gets hold of my password and impersonates me?

This should not happen if you keep your password secret. You should notify the authentication agency as soon as you realise this may have happened. Changing your password regularly is a good way to ensure no one else can use it.

What happens if I forget my password?

There are various ways that a government agency might handle this. One way involves you choosing a combination of questions that you are unlikely to forget the answer to and which other people cannot easily guess. For example “Your mother’s family name?”. You do this when you choose a username and password.

Can I share my password with someone in my family?

No. You should keep your password secret. You will be personally responsible for the consequences of using the password.