How to use authenticators to protect an online service (1. 0)
This guidance, also known as Good Practice Guide (GPG) 44, will help you choose an authenticator that will give you the level of protection that’s most suitable for users accessing your service.
Documents
Details
This guidance, also known as Good Practice Guide (GPG) 44, will help you choose an authenticator that will give you the level of protection that’s most suitable for users accessing your service. It describes a methodology for assessing the level of protection achieved by authenticators of different types and of different quality.
This is the pre-release of the 1.0 publication of GPG 44. It coincides with the publication of the pre-release of the 1.0 UK digital verification services trust framework. It has been published for business readiness purposes.
Once Conformity Assessment Bodies (CABs) have been accredited to certify services against the 1.0 trust framework publication and certifications can proceed against it, this guidance will be republished and clearly labelled as the final publication.
Services demonstrating compliance with GPG 44 as part of certification against the 1.0 trust framework will have to comply with this version of GPG 44.
This is the first version-controlled publication of GPG 44. The most recent non-numbered version of GPG 44 (titled ‘Using authenticators to protect an online service’) can be found on GOV.UK and is, from the date of this publication, to be considered as the 0.4 version of GPG 44.