Transformation Directorate

Passwordless login

Owner

Passwordless login is developed and owned by NHS Digital. The project is licensed under the MIT licence, which allows for free use of the software for modification, distribution, private use and commercial use.

Background

Healthcare information has historically been held by many different agencies. As a result, patient access has generally been slow, complicated, and frustrating. The NHS App (introduced in 2018) instead enables users to access healthcare data on their phone or tablet on demand. During its pilot phase, most users said they used the NHS App to view their medical records.

Situation

Users log into the NHS App with their NHS login to prove they are who they say they are. The login process should ideally be simple, but the challenge is to make it simple and secure. User feedback has shown that two-factor authentication is “an annoyance” but secure access is vital for sensitive health data. Login should be simple and quick for the user, without compromising security.

Aspiration

  • Make it easier for users of both iOS and Android (the two major mobile phone operating systems) to use fingerprint or facial recognition to log into the NHS App.

Solution and impact

The NHS Digital team decided to implement the Fast-Identity Online (FIDO) Universal Authentication Framework (UAF) protocol so that mobile device users could log into the NHS App the same way they do for many other kinds of secure access (mobile banking, for instance). Apple iOS users could choose to log into the NHS App using FaceID or TouchID, while Android users could also log into the App using fingerprint or face login. Sean Devlin, Tech Lead on the NHS App, says that the main reason the protocol was open sourced was because the project was implemented in two different languages - one for iOS and one for Android.

Working with open source code means that teams can often avoid having to start from scratch, especially in commonly used software environments. Retaining the licences of re-used components and applying them to new work then encourages further development. As iOS and Android change and evolve, there could be a time when this new NHS login protocol works less well with those systems. Open source makes the approach more robust to change, enabling others to update and improve the work, keeping it in circulation for much longer without substantial further investment.

Sean points out,

To make login both secure and simple the selected plan was to introduce biometric login. Biometric is a term that can make people slightly nervous. However, we do not store or even come into contact with any of the user's biometric identification; this is all handled by the device itself… It was just a matter of listening to the user research and making the change. The main challenge was [...] the iOS implementation of it, which was quite tricky from a technical point of view, and time-consuming [...] that's why we wanted to make sure that we open-sourced it, so that other people found it easier.

Functionality

Passwordless login is a privacy-retaining technology that makes it much easier for mobile users to interact with the NHS App without compromising security.

Capabilities

  • Works on iOS and Android mobile operating systems.
  • Facial and fingerprint access for iOS, fingerprint access for Android.

Scope 

Deploying with FIDO and open source code means that other NHS Login partners can reuse the work: but beyond code, those same partners can reuse the team’s high-level design and implementation approach. This makes it much easier for anyone dealing with the quirks of iOS and Android development to include passwordless login for NHS services in the future, even beyond the App.

Key learning points

  • Apple provides a common interface. With iOS, there are a limited number of different devices - TouchID and FaceID are offered based on the device type. The team decided to develop and cater for both.
  • There are not a lot of resources for iOS, so open-sourced applications are even more useful and important.
  • Android is a little trickier due to differences between the way multiple manufacturers handle hardware and keystore (where encrypted secrets are kept). Some Android models provide facial recognition but the team decided to focus on fingerprint recognition for all Android devices.
  • About 10 days per year are needed for maintenance of this work. Open source makes it easier to bring new staff into that maintenance cycle, and means that any maintenance needs can be kept low if the system is recycled and reused.

Digital equalities

Using passwordless login makes the NHS App more accessible for a wider set of users.

Give us feedback

Open Source Digital Playbook feedback survey

Disclaimer

These case studies summarise user and patient experiences with digital solutions along the relevant care pathway. Unless expressly stated otherwise, the apps and digital tools referenced are not supplied, distributed or endorsed by NHS England or the Department of Health and Social Care and such parties are not liable for any injury, loss or damage arising from their use.

All playbook case studies have either passed, or are currently undergoing the Digital Technology Assessment Criteria (DTAC) assessment.

Please note the full legal disclaimer: NHS England playbook disclaimer

Page last updated: September 2022