IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Making Public Benefits More Convenient and Still Secure

Re-examining password requirements and online workflows, as well as minimizing what data they ask from residents, can help smooth online processes while also maintaining security.  

A medicaid.gov web page
Medicaid screen shot
Application processes for vital public benefits online can be more user-friendly without sacrificing cybersecurity, said speakers at Georgetown University’s recent Digital Benefits Conference (BenCon).

Too often, people facing a sudden financial shock must struggle to navigate complicated state benefit application systems. As a result, many eligible recipients miss out on the support they are entitled to, the federal government reported last year. But new advice is coming from the Federal Facing Financial Shock Identity Management team, which plans to publish playbooks advising states on Medicaid and Supplemental Nutrition Assistance Program (SNAP) account creation that better balance usability, security, reliability and equity.

The federal Food and Nutrition Service tells states to allow residents to apply for SNAP benefits, so long as they provide their name, address and signature, with any other requested information optional. But when the team examined 11 benefit application workflows, it found 45 percent of them contradicted this, said Yan-Yin Choy, product manager at Nava, a technology consultancy and public benefits corporation that has worked on public benefits modernization.

Residents were often asked to create accounts before proceeding to the application. That’s a problem, because some people may find account creation cumbersome, especially if they struggle with setting up multifactor authentication. Getting caught up at this stage can then delay users from finishing applications and, ultimately, receiving benefits. Instead, users should be allowed to finish submitting benefits applications first, before dealing with other concerns, thus ensuring the application is filed and moving along promptly.

Kennedy Alexis, a product manager at the U.S. General Services Administration, said that while complex passwords have long been popular, states would be better off without requiring them. Instead, they should just ask for long passwords. Longer passwords stand up better than short ones against brute force attacks, and letting people use passwords they can remember makes logging in easier. It also saves case workers and call center staff time they might otherwise spend helping people with resets. Those requests can get intense, with one state receiving 900 password reset requests in 2013.

The overall goal of this federal effort is to get to a point where people can apply for crucial services within 20 minutes, get enrolled within 24 hours and receive services within a week. Another key aim: let people only provide their information once.

Maryland is one state that’s been taking a more discerning eye to the data it requests from residents, said Patrick McLoughlin, executive director of the Maryland Total Human-Services Integrated Network. Applicants are often asked to spend hours answering questions before agencies have ensured that the information is actually necessary, McLoughlin said. Minimizing information requests would both improve resident experience and reduce the amount of sensitive data the state is collecting.

The state also sought to reduce the need for residents to re-provide information to one agency that they may have already given to another agency. To do this, Maryland stores data in a central platform that various agencies can view. This platform-based approach also prevents duplicate copies of data, and the state aims to let agencies just see the details relevant to their needs, not full data sets.

Another way to ease resident experience is by letting users who’ve verified their identities with one government benefits service avoid having to re-verify when seeking to access another benefit. For example, Hanna Kim, the General Services Administration’s director of Login.gov, said an integration let Hawaiians use the same credentials for multiple purposes.

“We don't want people who are at the darkest times of their experience to have to figure out single sign-on and figure out proving their identity over and over again,” Kim said.
Jule Pattison-Gordon is a senior staff writer for Governing and former senior staff writer for Government Technology, where she'd specialized in cybersecurity. Jule also previously wrote for PYMNTS and The Bay State Banner and holds a B.A. in creative writing from Carnegie Mellon. She’s based outside Boston.