Ask users forHelp users toSend users

Help users toAccess a service

Also known as: authentication

Let users access a service in a secure way by authenticating themselves.

When to use this pattern

Most one-time services won't need to authenticate their users. When a service does need to verify a user’s identity, it needs to balance ease of access with keeping a service and its user data secure. You should think about this early on when designing your service.

How it works

Access a service with identity documents

Follow this pattern if you are helping users to access a service by authenticating them with an identity document. It could be:

  • the same document they’ve used to apply previously
  • the document your service has on record for them
  • the document that’s attached to their account
An example of a service verifying the user with passport details and date of birth

Access a service with security codes

You can use security codes or two-factor authentication (often shortened to 2FA) to verify a user's identity to let them access a service.

You can use this method of authentication when a service stores user data and allows users to access it. Two-factor helps protect the user and the service.

There are three types of two-factor authentication:

  • something a user knows (password or pin)
  • something a user has (phone or fob)
  • a biometric (fingerprint or voice)
An example of a service verifying the user with two-factor authentication

This pattern is used by:

  • Access UK
  • Apply for the EU settlement scheme
  • Employer checking service

Access a service with reference numbers

A reference number is a simple way to let users access a service. For example, when a user saves progress and needs to return to complete a service.

An example of a service verifying the user with reference number

This pattern is used by:

  • Passport renewals

Accessibility

If your service uses this pattern, let us know of any insights you have on accessibility considerations.

Research

More research is needed. If your service uses this pattern, get in touch to share your user research findings.

Help us improve this pattern

This pattern needs improving. We need evidence about:

  • how to write for this pattern
  • any research findings
  • any accessibility considerations

To contribute, add your thoughts and research findings to our GitHub discussion, or follow our contribute guidance.