Blog

The Canton of Basel-Stadt is modernising the registration and login processes for its online services. As part of this modernisation, the federal authorities' AGOV login has been integrated. → Media release (German)

The new, additional communication channel my.lu.ch is now available to the public and businesses. → Media release (German)

Blind and visually impaired users can use AGOV without accessibility issues. The Federal Chancellery had AGOV tested by the Swiss Association for the Blind and Visually Impaired – specifically by one blind and one visually impaired test user. Both were able to use AGOV without accessibility issues, i.e. the AGOV content was correctly reproduced by screen readers and on braille displays. Accessibility of the AGOV access app is also ensured, because the Android and iOS operating systems are optimised in this regard. The blind test user found that using a physical security key (FIDO USB stick) was more practical than the AGOV access app, as the app involves trying to scan the QR code on the screen (many blind internet users either do not have a screen or do not switch it on). AGOV now contains a comment to this effect, which is read aloud by screen readers.

The authentication service of the Swiss authorities (AGOV) went into operation in two pilot cantons today. The standardised login will facilitate the electronic use of federal, cantonal and communal public services. For instance, the AGOV login can be used in the cantons of Zurich and Appenzell Ausserrhoden for quick and easy access to the online tax return. The planned state electronic ID (e-ID) will also be linked to the AGOV login. AGOV is part of the Digital Public Services Switzerland (DPSS) agenda.https://www.bj.admin.ch/bj/it/home/aktuell/mm.msg-id-99665.html

AGOV is being tested for vulnerabilities by means of penetration testing and a bug bounty programme. A login procedure must be very secure, and the security aspects lie in the AGOV software, the operating platform, including the database, and the network connection. For this reason, security tests must be carried out on the whole system, preferably the productive version. The Federal Chancellery has commissioned the Federal Office for Defence Procurement, armasuisse, to perform penetration testing. The armasuisse specialists attempt to carry out unauthorised transactions on AGOV; they have detailed knowledge, including the source code. The Federal Office for Cyber Security runs a bug bounty programme, which is also being used to check AGOV. This involves the use of ethical hackers, who simulate attacks without being party to system details. The ethical hackers receive a reward (bounty) for each vulnerability they report. Any non-critical vulnerabilities that are detected are remedied within a few days, while critical vulnerabilities are rectified the same day.

In order to gauge acceptance, a semi-functional AGOV prototype has been made available for the public to try out. Acceptance of a digital product by stakeholders, especially end users, is crucial to its success. Reliability, simplicity and aesthetics of the digital product lead to a high degree of acceptance. With AGOV, all aspects were optimised in line with the state of the art. The prototype was already trialled on a small and diverse group of pilot users, with positive results, before it was released to the public. The semi-functional prototype is now available to the cantons and other interested parties until the end of this year, so that they can carry out their own evaluation. The AGOV team will collate any requests and implement them, if possible before AGOV goes live in January 2024. The prototype is semi-functional, because Swiss Post's BmID identity verification procedure and video identification are emulated, which considerably facilitates repeat testing. A test application is linked to the prototype, which means that a login target is available and the Swiss authorities can link their test target systems to the prototype. The prototype will be presented to the Swiss authorities on 17 August 2023 in the Haus der Kantone as part of Digital Public Services Switzerland (DPSS). Participation via Microsoft Teams is also possible.