Thinking about authentication

Five years ago I blogged some thoughts on authentication and how confusing it is.  I thought it might be interesting to revisit this in the light of the recent report sponsored by OpenAthens on “Librarians’ experiences and perceptions of Identity and Access Management”. I also had a long chat with Phil Leahy at UKSG which is always a pleasure.

I broadly agree with the report – everyone wants things to be seamless, no one wants to login, no one wants to understand technical matters / terms.  From my NHS perspective we have pretty much always needed to treat everyone as “offsite” as IP access is rarely an option.  Perhaps the increasing demand evidenced in the wider community will drive some neat solutions?

Challenges of offsite access

I thought it interesting that the library staff felt that offsite access was a bigger challenge to their skills and knowledge than to that of the users and their increasingly complex journeys.  We spend a lot more time worrying about these things than the users! I would expect a somewhat different result if users were asked.

In the solutions section I was excited to see the potential discussed for recognising multiple affiliations – this would be a real game changer (alongside some licence work).  Increased granularity is something we can see coming in the changes to NHS OpenAthens but this needs to be accompanied by changes to allow automated allocation to different permission sets by user type.

In terms of my thoughts from five years ago – how have we done?

Many of the issues remain the same and are tied up in the nature of authentication – people do need to identify themselves and remember their login details.

The change to a two step authentication has been accepted by the users and meets the need to increase control over potential dubious registrations.

Problems with over convoluted login paths remain (and remain within the remit of the publishers who should be doing better) as does inconsistent use of terminology.

A new problem comes from the stricter password rules which place a higher level of security on OpenAthens logins than near any other system I use (numbers and letters, at least 8, no sequences, no “weak” words). The biggest set of problems relate to the implementation of a new self registration form for the NHS (by NICE and outside the control of EduServ).  This fails on multiple browsers and is particularly unhelpful around the password issue simply telling people they have made an error but not what it is or how to fix it.  Moves are underway to sort this but given it has been in excess of four months since the new password rules were introduced a solution is not being rushed.  I feel sorry for EduServ who look bad but cannot resolve it, for people trying to manage registrations and (more than anything) for those trying to register.

So more progress required.

Looking at the new NHS Evidence

NHS Evidence 2015 screen shot

A screen grab of the 2015 revision of NHS Evidence

There has been a significant update to the main portal for NHS staff seeking the evidence for patient care.  The vast majority of the site is freely available to anyone in the UK so it is applicable to both NHS and student / academic users.

NHS Evidence has a snazzy new (fully responsively designed) look.  The giant eye ball is no longer quite so prominent (the extent to which it looks like a liquorice allsort has increased) but the changes are much more than cosmetic.

The main search box (Evidence Search) has been revamped with the promise of speedier time to answer and enhanced results.  I think it succeeds in this.  Filters have been improved to help people narrow their search and the interaction is certainly less faffy than before.  The old topic pages have disappeared but many searches will return handy context specific materials in the right hand column.

These offer things like information on medications from the British National Formulary (BNF), Clinical Knowledge Summaries and NICE guidance arranged by patient pathway.  NICE Pathways is a brilliant distillation of some times unwieldy NICE Guidance into manageable chunks linked to the progress of a patient through their care.  This gets appreciative noises from all the people I have shown it to.

The BNF access is login free which is a boon as the old BNF site has switched to needing the login prompting grumblings from @BenGoldacre amongst others.

A small number of people may be annoyed by the loss of the MyEvidence section.  This allowed people to save searches on Evidence Search and links to documents.  It has been withdrawn pending a revised offer.  I am not sure too many people will be affected (unlike the upcoming saved search issues with HDAS)

The NHS Journals and Databases page looks a bit smarter and can be accessed from the tool bar on all the pages of the NICE website.

Generally I think this is a good enhancement.  I hope this done there will now be a bit of capacity to develop HDAS.