Access a service
Let users access a service in a secure way by authenticating themselves.
When to use this pattern
Most one-time services won't need to authenticate their users. When a service does need to verify a user’s identity, it needs to balance ease of access with keeping a service and its user data secure. You should think about this early on when designing your service.
Access a service with identity documents
Follow this pattern if you are helping users to access a service by authenticating them with an identity document. It could be:
- the same document they’ve used to apply previously
- the document your service has on record for them
- the document that’s attached to their account
Access a service with security codes
You can use security codes or two-factor authentication (often shortened to 2FA) to verify a user's identity to let them access a service.
You can use this method of authentication when a service stores user data and allows users to access it. Two-factor helps protect the user and the service.
There are three types of two-factor authentication:
- something a user knows (password or pin)
- something a user has (phone or fob)
- a biometric (fingerprint or voice)
Services using these patterns
- Access UK
- Apply for the EU settlement scheme
- Employer checking service
Access a service with reference numbers
A reference number is a simple way to let users access a service. For example, when a user saves progress and needs to return to complete a service.
Services using this pattern
- Passport renewals
More research is needed. If your service uses this pattern, get in touch to share your user research findings.
If your service uses this pattern, let us know of any insights you have on accessibility considerations.