Whistleblowers raise ‘extreme’ concern about security of government’s Digital ID | ITV News

My understanding from friends is One Login is a glorified bastion host that reliant services & parties are obligated to blindly trust, making it a giant SPOF; that alone would be terrifying at national scale, but then: this:

“Whistleblowers have told ITV News that One Login is failing to meet the mandatory, minimum government cybersecurity standards, ‘Secure by Design’ and the ‘Cyber Assessment Framework’”

https://www.itv.com/news/2025-12-18/whistleblowers-raise-extreme-concern-about-security-of-governments-digital-id

y'know, I have to wonder how the UK is gonna implement onelogin when it is not secure by most standards.
#onelogin is pretty funtimentally not #secure and this was actually proven by the IA (information assurance) team that supposedly help the UK secure the onelogin portal.

watch this video to see what I mean
https://www.youtube.com/watch?v=HWuNyiYftZw
(1/2)

"The Lib Dem peer said he had been told by an official that #OneLogin would not pass the required security tests until March 2026. The whistleblower also highlighted an incident from March this year, when a so-called "red team" tasked with simulating a real life cyber attack was reportedly able to gain privileged access to One Login systems."

#UKPol #DigitalID #IDCards #No2ID

https://www.bbc.co.uk/news/articles/c5y930x81wpo

“We do not guarantee that GOV.UK One Login will always be available, or that access to it will be error free. We will provide a way for you to report problems with GOV.UK One Login”

Wow. Reference to “Safari 12” suggests this is 2018-era technology, at best:

Terms and conditions – GOV.UK One Login

https://signin.account.gov.uk/terms-and-conditions archived at https://archive.ph/yTPbc

#digitalId #idCards #kierStarmer #oneLogin