Logging in to GOV.UK

This week the RFC was accepted, so we now have a broad consensus across the programme about how logging in to GOV.UK will work. Well, a broad consensus amongst the people who cared to read and comment on it, at least. There were a few significant changes to my original idea, which have resulted in a simpler proposal, so it’s good that we went through the RFC process.

I’ve written up a bunch of cards to do the implementation work, and hope we can get on with that over the next couple of weeks.

Multi-factor Authentication

I finished off and deployed an improvement to our current MFA implementation this week. Previously we sent users a 5-digit code via SMS every time they logged in. Now there is an option to remember a device for 30 days (by setting a cookie), which skips MFA. MFA is still needed if you want to change your email address, password, or MFA device.

Another dev on the team is looking into WebAuthn, a standard way of doing MFA which works with Yubikeys, biometric scanners, private keys, and so on. We had to learn about secure contexts to get this working on our local dev set-ups.

The future of the team

Finally, there have been some more revelations of what the future of the team will look like, and how the grand plan for a single cross-government account will progress. Things are getting more concrete, and I’ve seen a speculative (internal) roadmap, which is reassuring.


This week I read:

  • The Crippled God by Steven Erikson, the tenth and last of the Malazan Book of the Fallen.

    Wow, what a series! This is going to leave a fantasy-shaped hole for a while, I’ll need to look into the other books outside of the main series.

    Even during this big dramatic end-of-series book, with the fate of the world in the balance, Steven Erikson still found room for humour. A group of T’lan Imass are facing down an enemy army, when they’re suddenly drenched with the blood of Fener. Miraculously, they’re reborn! Mortal once more! Onos T’oolan thinks “this was poorly timed.”

    Do I recommend Malazan? Definitely yes.

  • The first issue of Knock!, an OSR zine which got kickstarted recently.

    There’s a lot of good stuff in this. Most (or even all?) of it is blog posts. Some of it I had read before, most of it I hadn’t, so that was fine. I think they’re looking for more original content for the second issue. The typesetting is great, each article has a unique style, which works because they’re all self-contained.


I’ve started putting together a new blog on RPGs. I’m pretty happy with the design and structure now, but I want to get a few posts published and a bunch more written before I start to publicise it. Current ideas for topics are:

  • GM tips & tools
  • Mechanics & theory
  • Reviews / overviews of systems and supplements
  • Link roundups (probably not weekly though)
  • Short adventures

For example, after I play Troika! with my Call of Cthulhu group, I’ll write up one post on how we found Troika! and one on the scenario I’m designing.

Previously I had mused on starting a series of memos about software I use, but I suspect I don’t really have anything interesting to say about most of my software choices. It would just be writing for the sake of writing. Whereas I think I do have interesting things to say about RPGs.


Video Games

Roleplaying Games