The government on Tuesday changed the lock on the front door into federal employment in a way intended to make it easier for job-seekers to get in and to better protect their personal information inside.
Two-factor authentication is now required for the usajobs.gov site, the central repository of job openings where an average of 20,000 vacancies are posted at any one time. In addition to a username and password, users now must provide either a cellphone or a landline number to receive a code to be entered each time.
“We’re really excited about the positive impact to the user experience,” said USAJobs program manager Michelle Earley of the Office of Personnel Management. She said that more than 60 percent of user support needs are related to authentication.
Although individual agencies make hiring decisions, the OPM operates the central job-application site, where prospective federal employees — and current ones looking to change jobs — can create résumés, and search and apply for openings. About 11 million people have accounts.
The change to using the central login.gov portal for accessing USAJobs is the latest in steps aimed at improving what can be a tortuous process of seeking to work for Uncle Sam. The OPM revised the site extensively in late 2016 to better explain how the hiring process works and to help job-seekers better target their efforts. That included inviting them to create a profile that would help them pick the best matches and by stating more clearly if openings are restricted to certain applicants, such as current or former federal employees.
Earlier changes included making the site usable on all devices and operating systems, rewriting content to put it in plain language and allowing applicants to track where they stand in the process.
Those changes in part reflected user feedback; in particular, complaints that the process of applying for a federal job is too slow, complex and opaque.
One of those frustrations focused on USAJobs passwords, which had to be at least eight characters and meet several other criteria. Also, passwords would expire if users had not logged into the site for more than 90 days, a restriction that has affected many account holders not actively looking for a job. After one year of inactivity, accounts were locked, and users had to call a help desk to reinstate them. After three years of inactivity, they were deleted.
Passwords now can be simpler, and while USAJobs accounts still will be deleted after three years of inactivity, login.gov accounts don’t expire.
And in terms of security, “two-factor has always been the gold standard, and this gets us there,” Earley said.
Several other agencies already are using login.gov, including three Customs and Border Protection sites, with others to follow. Many federal employees already have login.gov accounts, so with the changeover for USAJobs, “they’re not being sent off to somewhere they don’t know,” said login.gov Executive Director Joel Minton of the General Services Administration.
The GSA developed login.gov and makes it available for other agencies to use on a reimbursable basis.
In the long term, login.gov is envisioned as “the standard sign-in for any site where the public is signing in for a service,” Minton said. Many agencies have multiple log-in platforms for their various benefits and services that could adopt login.gov as a standard entryway, he said.