https://mattersoftesting.blog.gov.uk/improving-mot-testing-service-security/

Improving MOT testing service security

In our last Matters of Testing blog post, Neil Barlow talked about making a number of security improvements to the MOT testing service.

Keeping the data on the MOT testing service secure is a big priority for us and we want to reduce the risk of fraud.

As technology changes and improves, we need to make sure we keep up. To do this, we’ve focused on reducing how often you need to use your security card while improving other security measures.

Following comments from MOT testers and user research, we've made several changes to the testing service to make it more secure and easier to use.

Choosing the right password

We’ve found that lots of MOT testing service users have very simple passwords that aren’t secure enough. This could compromise the integrity of the service, so we've made improvements to make sure passwords are more robust.

Users on the MOT testing service will need to start updating their passwords to make them more secure.

You’ll be prompted with an on-screen message the next time you need to change your password change or use security questions to log in.

Your new password will need:

  • at least 8 characters
  • at least 1 number
  • a mixture of upper and lower case letters

You'll also need to choose a password you’ve not used before and certain common words are not allowed. You’ll receive messages on-screen to help make sure your password and answers are secure enough.

So these changes don’t cause too much disruption, we’re bringing them in gradually.

Why security is so important

We know that having to come up with secure, strong passwords can be a pain, but it’s really worthwhile to make sure the MOT testing service remains secure.

After all, the information stored there can be quite sensitive. And the possible risks involved in someone gaining access to your account don’t bear thinking about.

It’s entirely possible, for example, that someone could use your account to issue fraudulent MOT certificates if they managed to get access to it. This could not only mean potentially dangerous vehicles are allowed on the road, but could also damage your business and your reputation.

So it’s essential that users make sure they do everything they can to make sure accounts remain as secure as possible.

We’ll take disciplinary action against anyone who uses an account fraudulently.

Making working more convenient

It isn’t all about making you jump through hoops, though!

We’re updating the MOT testing service so you’ll only have to use your security card to log in once per day. After that, you’ll only need your username and password.

This will make logging in and out quicker, saving you time and effort, particularly if you have lots of vehicles to test.

If we notice any changes to the way you log in during the day, you'll be prompted to use your security card again.

Our aim is to make the system easier to use and to pave the way for more advanced security tracking in the future.

Event history

Some of you have noticed the new “event history” area on MTS.  We’ve introduced this new feature so you can see information relevant to you and your garage.

The information recorded there will include interactions with DVSA, like vehicle inspections carried out and site visit results.  Not all DVSA visits result in an event being recorded, and there may be no history showing if you haven’t had any visits from DVSA yet.

We’ve introduced this in preparation for the new site review process we’re planning to introduce later this year. The information in the "events history" area will help users understand their ratings.

We’ll let you know how the garage review process is going in the next blog post.

Feedback

We’d love to hear what you think about these changes in the comments below. So please leave some feedback on how you think we can improve the MOT testing service.

117 comments

  1. Comment by DAZ posted on

    WE FINALLY HAVE OUR TESTER RATINGS. BUT IF ITS RED THERE IS NO EXPLANATION ON HOW IT IS WORKED OUT AND WHAT THE AE OR TESTER CAN DO TO IMPROVE IT .

    Reply
    • Replies to DAZ>

      Comment by Julia (DVSA) posted on

      • Replies to Julia (DVSA)>

        Comment by Alastair posted on

        With respect Julia, the blog post explains nothing. Testers can review their test quality information, but if a high quantity of vehicles presented fail the MOT with obvious suspension defects for example that in turn significantly increase your failure percentage over the national average for that category, what has the tester done wrong apart from performing the test properly following DVSA guidelines? Obviously if you have negative events on your event history then yes, I can see why this would affect your rating but if you don't and you are still rated amber or red because of high failure rates/component failure rates there is still no obvious explanation for this?

        Reply
  2. Comment by graham posted on

    I see that there has been an update, yet we still have to sign in with our cards every time, when will this change happen? Thanks

    Reply
  3. Comment by marcus paton posted on

    i think they should be more worried about the manual and get that sorted out before anything else is done and as for this annual assesment i think alot of older testers would agree why not go back to the old way but change it to every 2.5 years instead of 5 years alot of us older boys prefer face to face and arnt that great on computers,and what happens when we leave the eu,all these changes to the manual is taking up time you are always having to check it well most of us have a life outside work and struggle to get a chance at work if you are doing 9 or 10 tests a day.

    Reply
  4. Comment by Gary McRae posted on

    It's been proven by security experts that changing your password regularly isn't the best method as you are more inclined to make it something easier to remember or write it down somewhere. Its far better to have a longer more complicated password and keep it for longer.

    Reply
  5. Comment by daz posted on

    The new change to the screen when u go to print the checklist tells u to print it so u dont forget any items . It prints the checklist that does not give u the list of items to check .You have to go to bottom of screen for that come on get it right first time .

    Reply
  6. Comment by stoker posted on

    I notice today 2/11/18 that you have changed the screen layout when logging on and now provide a green link to print A v29 inspection sheet and suggest it will assist with the test .This link however does not print a vt29.

    Reply
  7. Comment by Neset Ceri posted on

    Please leave it as it is..this " we love technology " is getting out of hand. I do not want to use my smart phone- tablet for MOT testing, I want to concentrate performing a quality test. Linking your phone to brake-emission testing, to DVSA is a ridiculous idea, it will cause so many problems. And I honestly think MOT security card is unnecessary over kill-expense, for logging to my online banking all I need my name-password and a random figures, I do not need a physical card. During my work in Somerset I meet many testers who are fed up with all this technological ideas being forced down their throats on weekly basis from the people who come up with all these ideas from their offices. Secondly this online annual assessment is a waste of time and money, any intelligent person can pass it just by searching manuals , you do not have to be a tester , previous system by attending class room- workshop was a better idea, you also learnt something from people's experiences. Of course MOT system advanced and improved a lot for good during last 15 years . but please DVSA ...just give us time to digest the info before you bombarding us with more !

    Reply
    • Replies to Neset Ceri>

      Comment by Wayne posted on

      Yes totally agree! Why have a stupid card anyway surely your user name and a password that only us as testers knows is enough! Put the wasted money into bringing back a refresher course that would benefit us most!

      Reply
  8. Comment by myke posted on

    At this present time, MOT security cards to manufacture / distribute / replace is a cost to DVSA. On the blog you state "Our aim is to make the system easier to use and to pave the way for more advanced security tracking in the future". Are you indicating the phasing out of security cards ? to eliminate the weak link. At a guess 99.9% of testers have a mobile phone, and this number is probably listed in the MOT testing Service, profile of the tester. Therefore are you contemplating 2 Factor Authentication via SMS text ?

    Reply
    • Replies to myke>

      Comment by Julia (DVSA) posted on

      Hi Myke

      This is an interesting idea that we have looked at. The only thing is do AEs want testers on their phones regularly in the workshop and would all testers be happy for DVSA to 'use' their phones in that way? This isn’t necessarily about phasing out the cards but being ready to look at better ways of working and embracing technology as it moves on.

      Reply
      • Replies to Julia (DVSA)>

        Comment by jim posted on

        my manager has stopped us using our phones in the workshop , can only use them on our break period , so that wont work for me !

        Reply
  9. Comment by Michael posted on

    leave it as it is

    Reply
  10. Comment by Derek posted on

    What percentage of the test issued do you estimate are fraudulent?

    What percentage of this is as a result of identification fraud?

    Some statistics, please.

    Reply
    • Replies to Derek>

      Comment by Julia (DVSA) posted on

      Hi Derek

      From a combination of monitoring the IT and enforcement visits, we know that errors are being entered into the system. Some of these will be genuine mistakes but in some cases it is deliberate where a user has used someone else’s details to record a test. These security changes are a small step to combat this and we have plans to further improve security and monitoring of the system.

      Reply
  11. Comment by Steve l posted on

    Anyone reading this actually been hacked?

    Reply
  12. Comment by Paul Woods posted on

    ~Seriously how can we take security concerns seriously when you think it's a good idea to remove a level of security because it takes seconds.
    There are many aspects of testing cars that are repetitive but necessary
    It's the Job do it properly or don't do it.

    Reply
    • Replies to Paul Woods>

      Comment by richard posted on

      Exactly this, it's a backward step ,these days it should be about strengthening your online security , not weakening it ! Can you imagine if the banks all decided we don't have to fully use the security features they have given us to make it easier to log on , there would be uproar.
      There are far more pressing things that need to be sorted first, ie the manual.

      Reply
  13. Comment by Guy posted on

    I still can not understand why the typed responses to your log in questions are shown on screen and not hidden by ****
    Also I can not understand why the Card has had so many failures. I must have been through five. Each time it fails the last generated number remains in the window, and the screen display inverts in contrast and then fails.... anyone else experiencing this?

    Reply

Leave a comment

We only ask for your email address so we know you're a real person