You wouldn’t expect a secure login service provided by the Department of Internal Affairs to arouse strong emotions, but Dylan Reeve finds that RealMe is one of the nation’s most loathed public services. He explores why for IRL.
For some people, the recent arrival of the My Covid Record and My Vaccine Pass services was the first time they’d encountered the government’s official online identity service, RealMe. For others, the RealMe logo sitting on the login page was like confronting an old nemesis again.
“I hate RealMe with a visceral loathing,” begins one tweet from a user trying to setup their RealMe account, followed soon after by: “Every step is so convoluted, prone to breaking down and fucking pointless.”
“Who created RealMe and why do they hate people[?]” asked another Twitter user. But many other users describe a painless setup process and a good experience every time they use it.
I hate RealMe with a visceral loathing. I can’t verify unless I add my phone number. It won’t let me add my phone number because it’s already being used. Who frikken cares about a frikken phone number in this context. This should not be a frikken dealbreaker for verification
— Gina Rangi (@GinaRangi) February 25, 2020
Who created RealMe and why do they hate people
— Emma Helleur (@EmmaHelleur) June 9, 2020
Most New Zealanders can register for the various Covid-related web services without using RealMe, but for those without certain identity documents, especially immigrants to New Zealand, it may be the only option. Others simply didn’t realise they could avoid it.
The service, managed by the Department of Internal Affairs, was launched in 2013, but went largely unnoticed by most New Zealanders for a couple of years. The mission is to provide a single secure login that can be used for multiple government and private sector services — one that can be used to verify your real legal identity online.
In 2015, the service saw significant growth when it was integrated with online passport applications and, a few months later, the StudyLink student loan service, and since then it’s been incorporated into most government online services, sometimes as the only way to register, and is also used by private businesses like banks and education providers.
In attempting to canvass opinion online about RealMe, there seem to be two basic experiences that broadly break down into either, “It’s a breeze” or, “Oh my god, this is a kafkaesque nightmare” – there really isn’t much middle ground. The difference between these experiences is often marked by whether the user has a “verified” account.
Maria Robertson, deputy chief executive of service delivery and operations at the Department of Internal Affairs, agrees about the division of opinion, but points out that the vast majority of interactions go well. “It’s used to access 139 different services about three million times a month,” says Robertson. “About 95-96% of the time it’s without any drama or concern.” A forgotten username or password is by far the most common issue.
For some purposes, it’s enough to just have a basic RealMe account, which is not much more complicated than any other online account secured with a username and password, and attached to an email address and phone number. But for other services, especially the more sensitive government interactions, it’s necessary to have a verified identity – a process requiring a lot more work.
To become verified, you need to provide identity documents (passport, birth certificate, immigration records or citizenship certificate) and have a photo taken. This last step used to (and still does, for some people) require a trip to an AA location, although can generally be done online with a cellphone or webcam now.
The other key difference between the basic and verified RealMe identities is the need for 2FA (two factor authentication), either having a code sent to your phone by text message or using an authentication application.
“We’re constantly looking at this and saying, ‘Where are the pain points, where are people getting stuck?’,” says Robertson. “It tends to be around users not having the right [documents] or they used a shared email address.”
For software engineer Michael Koziarski, the biggest problem with RealMe is its small scale and limited necessity. “You want an identity system to be something which people use regularly, but for most people the best case scenario is they use it three or four times a year, and then forget their login details and have to go through a complicated reset process,” he says.
The government’s resources are another issue. “Such a system needs substantial investment in constant improvements and world-class talent running it and securing it. Google has that. Facebook has that. The government doesn’t,” Koziarski continues.
For those using RealMe for access to the My Covid Record site, it seemed that most people with an existing verified account had an easy breezy sign in, but for those who had let their account get out of date or hadn’t taken the steps to verify their existing account, the process was quite different.
“I made the terrible mistake of trying to set up my [vaccine] pass via RealMe,” Brenda Leeuwenberg posted on Twitter. “Several days and multiple attempts later, still no joy and stuck in an endless loop of redirects. Has anyone actually made it work that way?” continued the tweet. The replies confirmed that many other people had been successful.
Speaking on the phone later, Leeuwenberg elaborated on the issue. “I set up the Health Record account a while back when it first came out and used one particular address that wasn’t the same as my RealMe address,” she explains. Apparently, when she tried to connect her RealMe verified identity to the Health Record account the email address discrepancy was too much for the system to handle, resulting in an endless loop in the application and no useful error message.
The only option for Leeuwenberg was a call to RealMe’s helpline, a challenge in itself. “You call and you get cut off, or you call and you’re on hold for two hours… and then you get cut off,” recounted Leeuwenberg with a sense of remembered exasperation in her voice.
I made the terrible mistake of trying to set up my vacs pass via RealMe :( Several days and multiple attempts later, still no joy and stuck in an endless loop of redirects. Has anyone actually made it work that way?
— Brenda (@digitalharpy) November 22, 2021
One common issue that many people encounter when trying to use their years-old RealMe login for the first time in ages is very relatable: they have a new phone. They no longer have access to the phone number that the service was sending a code to, or their authenticator app is no longer installed.
Auckland photographer Roger Baillie had this issue. “I decided to use [RealMe] for my vaccine pass, and when I went to login I noticed that it was sending the security number to my old phone number.” For Baillie, too, the only option was a call to the helpline, but his experience was not good. “I tried to call them and what I got was a message that said this phone number cannot be reached or doesn’t exist.”
Days later, Baillie reported he’d still had no luck getting through. He made it as far as the answering service, but after 15 minutes on hold had to abandon the call. He’s since been able to back out of the RealMe process for his vaccine pass, and managed to use the regular email address signup process. For now Ballie has decided to “park RealMe until after Christmas.”
Long holds and random disconnections might not be the worst part of a call to the help line, either. “Holy shit, the RealMe hold music is TERRIBLE,” tweeted Robyn Gallagher last month. “It’s a short clarinet piece that is looped ad nauseam. The only interesting thing is that the looping isn’t smooth, it restarts in the middle of the piece.” In a follow-up, she noted that she’d emailed the minister of internal affairs about the music, so fingers crossed on that issue, at least.
Holy shit, the RealMe hold music is TERRIBLE. It's a short clarinet piece that is looped ad nauseam. The only interesting thing is that the looping isn't smooth, it restarts in the middle of the piece. I have been listening to this for 25 mins so far. 😭😭😭
— Robyn Gallagher (@robyngallagher) November 24, 2021
Aotearoa has a “world leading” digital identity system in RealMe, says deputy chief executive Robertson. She also promised to look into the hold music, but clarifies it “hasn’t been [the DIA’s] number one priority.”
Unfortunately, the nature of RealMe, as a secured and identity-connected service, means that problem solving is often a complicated process requiring that call-centre staff take steps to verify the identity of those who call. As such it can be a complicated call, and the added demand placed on the service by the unprecedented roll-out of My Vaccine Pass has put pressure on the already in demand help line. “We’ve had about a 270% increase in calls and a 750% increase in email contacts since mid to late September,” says Robertson.
If you don’t already have a RealMe account, it’s worth taking the time to set one up. But it’s probably best not to wait until you’re facing an immediate deadline, just in case the process doesn’t go smoothly. And if you already have one, now’s a great time to make sure it’s all up to date and the login process works.