In our last Matters of Testing blog post, Neil Barlow talked about making a number of security improvements to the MOT testing service.
Keeping the data on the MOT testing service secure is a big priority for us and we want to reduce the risk of fraud.
As technology changes and improves, we need to make sure we keep up. To do this, we’ve focused on reducing how often you need to use your security card while improving other security measures.
Following comments from MOT testers and user research, we've made several changes to the testing service to make it more secure and easier to use.
Choosing the right password
We’ve found that lots of MOT testing service users have very simple passwords that aren’t secure enough. This could compromise the integrity of the service, so we've made improvements to make sure passwords are more robust.
Users on the MOT testing service will need to start updating their passwords to make them more secure.
You’ll be prompted with an on-screen message the next time you need to change your password change or use security questions to log in.
Your new password will need:
- at least 8 characters
- at least 1 number
- a mixture of upper and lower case letters
You'll also need to choose a password you’ve not used before and certain common words are not allowed. You’ll receive messages on-screen to help make sure your password and answers are secure enough.
So these changes don’t cause too much disruption, we’re bringing them in gradually.
Why security is so important
We know that having to come up with secure, strong passwords can be a pain, but it’s really worthwhile to make sure the MOT testing service remains secure.
After all, the information stored there can be quite sensitive. And the possible risks involved in someone gaining access to your account don’t bear thinking about.
It’s entirely possible, for example, that someone could use your account to issue fraudulent MOT certificates if they managed to get access to it. This could not only mean potentially dangerous vehicles are allowed on the road, but could also damage your business and your reputation.
So it’s essential that users make sure they do everything they can to make sure accounts remain as secure as possible.
We’ll take disciplinary action against anyone who uses an account fraudulently.
Making working more convenient
It isn’t all about making you jump through hoops, though!
We’re updating the MOT testing service so you’ll only have to use your security card to log in once per day. After that, you’ll only need your username and password.
This will make logging in and out quicker, saving you time and effort, particularly if you have lots of vehicles to test.
If we notice any changes to the way you log in during the day, you'll be prompted to use your security card again.
Our aim is to make the system easier to use and to pave the way for more advanced security tracking in the future.
Event history
Some of you have noticed the new “event history” area on MTS. We’ve introduced this new feature so you can see information relevant to you and your garage.
The information recorded there will include interactions with DVSA, like vehicle inspections carried out and site visit results. Not all DVSA visits result in an event being recorded, and there may be no history showing if you haven’t had any visits from DVSA yet.
We’ve introduced this in preparation for the new site review process we’re planning to introduce later this year. The information in the "events history" area will help users understand their ratings.
We’ll let you know how the garage review process is going in the next blog post.
Feedback
We’d love to hear what you think about these changes in the comments below. So please leave some feedback on how you think we can improve the MOT testing service.
129 comments
Comment by David Self posted on
I have 10 or so passwords for differing applications, the MOT site being just one. All my passwords are complex to differing degrees depending on the sensitivity on the site in question. Yes, security is an issue. However, constantly changing passwords, whilst on the surface and technically, a good idea, in practice is a nightmare. Trying to keep in mind all the different user names is another task in of itself. So what do we do? We write them out on a piece of paper or do something else which will compromise the whole system. All to what end? Sophisticated hackers can, should they so wish, crack a 40 digit code. My point being that reasonable precautions are necessary, but to make them onerous will defeat the object of the exercise. As it stands, the password requirements for the MOT site when backed up with the personalised random digit generator card are more than adequate. To insist that our passwords be changed on a regular basis is, as I point out above, only going to 'open the door' to unsound practice. So, for my ten pennyworth, please leave the current system as it is. I thank you and goodnight...
Comment by Tony S posted on
Very good I fully agree.
Got so used to the card it's become second nature and no problem, not at all time consuming and no effort.
My guess is that the cost of replacing the cards is too expensive to upkeep, so by cutting down the use, it will cut down the need to replace them!!
Mine's been fine, will most probably pack up tomorrow now.
Comment by David Self posted on
Perhaps if the DVSA didn't use cheap cards and specified ones that are up to the job, then they wouldn't have to replace them with monotonous regularity.
Comment by Stephen Connolly posted on
I cannot see how having to only use the security card once a day improves security. At the moment if someone should by some complete fluke guess my password they still cannot log on as my security card is on my person but with these changes they would be straight in... daft idea. My password already consists of upper and lower case letters and numbers, simple passwords are just not secure.
The biggest improvement you could make to the MOT scheme is to make it a fixed charge, having just paid out a fortune for a new emissions tester it is infuriating to see national outlets offering an MOT for free.
Comment by shane posted on
stick to the security card idea but with the old smart card reader in one card so you have to still put in the six digit pin as well as putting card in a card reader. maybe then when car is not in card reader the pc is locked to outher users unless there a card holder them selfs.
Comment by As posted on
DVSA - Are we able to go a set amount of time without doing a test before losing our mot status as a tester?
Comment by Mike Williams posted on
MOT Testing Guide. App.6--Tester Training and Demo Tests.
After 6 months---Demo Test DVSA
2 years to 5 years--- Annual Training and Assessment for the current year. Plus any additional training that is required. Plus Demo Test DVSA
After 5 years, Start again.
Comment by Mike Tarrant posted on
Just how long does it take you to get a number -it takes me just 5 seconds to get the card out & get he number!
Comment by Paul posted on
5 seconds, your a bit slow!!!!!!
Comment by Mike Tarrant posted on
Having been a Tester for nearly 40 years I have obviously seen many changes. If my memory serves me right when we went computerised first of all we had to use a Password just has been described previously-did this change? My passwords have always been a mixture of numbers,capitals & lower case.so why is this being "introduced?" We also had a "swipe card" that had to be used every time, so what is all this rubbish about signing in only once a day with a Security Number- it takes me 4 seconds to get my number as the card must be kept on your person so I was told when we had a check 18 months ago. To sign in only once a day is making the system less secure NOT more. KEEP IT AS IT IS IF THIS IS THE REASON!
Comment by Ash posted on
One thing I've failed to find - As testers, is there a set amount of time that if we don't carry out a test we lose our testing powers?
Comment by Graham posted on
I think that if you dont test within 6 months, then you need dvsa to come out and do a demo test. If you dont test within 5 years you need to do the qualification again. Im sure its in the guide somewere
Comment by myke posted on
MOT Testing Guide > Appendix 6. Tester Training and Demonstration Tests > Training and demonstration test requirements > ..To maintain their testing status, a tester must complete a full MOT test within a 6 month period. If a full test is not completed the testers status becomes lapsed (page 159).
Comment by Barry posted on
Ash,as I understand it at the moment,you could go six months without logging a test,before any thing happens,but I may stand corrected as I only test when someone is off and I'm sure it was 6 month then....
Comment by mercedes posted on
you say your going too stop us useing google password on our computers i would like know how a have macfee buisness security on mine how are you going too get bye this as its the best security you can but am told ps i am a 1 man band theres only me here any way
Comment by Mr posted on
Please keep it the way it is!
Comment by M posted on
The way it is now is perfect .. i dont see how it is time consuming to type the security code each time .. or there should be an option to say if you dont want to type code each time .. the security levels will be poor if you only type once regardless of how strong your password is especially when you have alot of staff members in a small space .. i would not feel secure ?!
Comment by richard posted on
How much does one of these cards cost?probably about £10 to £15. By pressing it twice for every test they do break and we get sent a new one,FREE. Is all this about security or cost saving? Probably the latter
Comment by Murat posted on
I have to take my security card out from my pocket and put it back ,take it out put it back so many times and I am doing this may be twenty times a day so what if I forget it outside on my desk in that rush hours and examiner visits same time ? ?
Comment by Julia (DVSA) posted on
Hi Murat
That's why we're implementing this way forward. We don't want testers to leave their cards on their desk and neither do we want testers to have to keep taking them in and out of their pockets.
Comment by Albert A Marubbi posted on
AA Marubbi In our M.O,T station we still use the snap shut day safe that we used in the days of pre computerisation, to store our security cards. and we believe the present system is as secure as can be. and does not need to be changed regards A,A. M.
Comment by Ettore posted on
Just a thought that the system can be made optional for each tester if they want to sign in Every time they do a test they can. if not they can sign in once a day and system automatically sign you out after an 2hour if not used so you need to sign back in again. This will stop you getting your card in and out every time you test if you are busy. and if you prefer to get your card in and out every Time you test then you have the option. Personally don’t mind signing every time but as I say it is a matter of preference
Comment by Zeeshan posted on
Only using the security card once a day is a great idea,
Comment by Michael hill posted on
Why not use fingerprint like on mobile phone surely it’s more secure and less of a problem
Comment by Jamieson posted on
Agree with a number of comments especially the printer friendly reports as I am not a tester but carry out other roles and the reports are VERY difficult to read when printed off SURELY it cant take much for the IT gurus to make this better
Also agree re buying more slots/card details plus a warning when slots running low, maybe each station could set their own warning level depending on how busy you are
Comment by Michael Grimbley posted on
Why not use card readers that open the logging on page then password simple job done no security issue.
Comment by john waddington posted on
i don't have a problem using my card every time , like someone said earlier its only six numbers. ive never had a problem obtaining a new card I think the systems ok as it is and I am seventy three !
Comment by Colin johnson posted on
why fix it when its not broke its fine as it is i am shore then money could be used better else where with in the system
Comment by Nigel posted on
Security is, and always will be an issue, however I am amazed that someone thinks that logging in just once a day is more secure than using your pin card every time. Surely this will make fraudulent use more prevalent, as one comment mentioned it is easier to establish a password than steal someone's pin card. What would be nice is a cursor in the PIN number box instead of clicking it ourselves. There's an old saying 'if it ain't broke don't fix it'.
Comment by Julia (DVSA) posted on
Hi Nigel
Cards are not a long term answer and as technology moves forward, we need to be in a position to move with it. So, by adding extra security layers in the background we can start to reduce card use in most scenarios. Just like any change, it is easier to find potential problems now, but lets see when it rolls out as that will be the proof. If we all stick with 'If it aint broke don’t fix it' thoughts we would still be trying to find fire and invent the wheel!
Comment by mark posted on
yes correct but all these changes are happening at the rate of about once every 2 months this should have all been sorted before roll out us testers dont know from one day to next what is happening
Comment by martin posted on
You told us the reason for having the card in the first place was because of software that enables hackers to detect repetition ie the same password.
We where told and random number generator makes this impossible for this to happen.
So what has changed ?
Comment by Julia (DVSA) posted on
Hi Martin
We have better IT security internally and moving on with technology.
Comment by Castrolrob posted on
if we stuck with-if it aint broke don't fix it-then maybe we would be still using a manual that was perhaps a little fitter for purpose than the current version,just a thought you understand.given that this is of more concern to most testers than entering a 6 digit pin may I take your comment of -cards not being a long term solution-to indicate that this would be the first step to their removal?we testers/mechs tend to hear management speak day in day out and as such have gotten rather good at decoding it.you can put this on the pile with the other moderated posts if you like.......
Comment by Julia (DVSA) posted on
Hi
All technology moves on quickly these days and by taking steps now we can ensure we don’t get to a position where we are tied to outdated technology.
Comment by andy posted on
a 6 number random code is much better idea than the same passwrd every time
Comment by Graham posted on
Making strong passwords that have to be changed every 3 months, one upper case, one emoji, one backwards letter!!! WHY DO YOU THINK PEOPLE WRITE DOWN THERE PASSWORDS BECAUSE THEY CANT REMEMBER THEM!!!!!!!!
Comment by Julia (DVSA) posted on
Hi Graham
We're not asking you to put in characters such as emojis. You need at least one upper case and lower case letter plus a number - you can now use a space if you want to make two words though. You choose the password so choose something that you can remember.
Comment by Graham posted on
If you couldn't tell, i was being slightly sarcastic. How can you choose something you can remember if you have to change it every 3 months, and ontop of that have one capital and a number. This is why people write passwords down. Why not just a 6-8 digit passwords, forget capitals and numbers, and change every year.
Comment by richard posted on
Excellent /s , now that's sorted, can you now get back to the real crux of the matter, sorting out the manual.
Comment by Adrian posted on
sorry for being thick but what is the MTS?
Comment by Julia (DVSA) posted on
Hi Adrian
It's the MOT testing service referred to in the blog post.
Comment by Mikey posted on
From what I remember when we first went computerised the password settings were exactly the same as you have just set out above in your blog. So how/when did it change? My passwords have always been as per your instructions & changed when required. So how is using my card only ONCE PER DAY going to make it more secure?!! Surely the "one time use number" system is the best way to maintain security. How long does it take to press a button & type in a number?
Seems stupid & backwards to me.
Comment by 2002 posted on
Can we opt in to stay as it is now using the card number as it means I am under total control of what goes on. Not that I think there has been or would be a problem where I test. Or is this to do with reading people can not get new cards to use as I have read testers have been waiting month for new ones with no luck.
Comment by Julia (DVSA) posted on
Hi
Firstly if users are not receiving cards within the timescale please let us know – no we don’t have a problem with supplying them. We've also often discovered cards ordered to an address that the user is no longer at so please check personal details are correct under ''Your profile'. There isn’t an option to 'opt in' and, as you say, you wont have a problem – due to the other security built in you will still have control.
Comment by mr john paton posted on
IN THE FUTURE COULD THE DVSA COMPUTER SYSTEM NOT GENERATE A SECURE PASSWORD EVERY 30 DAYS FOR AN INDIVIDUAL TESTER LINKED TO THEIR CARD/NUMBER AND THAT WAY WE WOULD NOT HAVE TO THINK OF OUR OWN JUST A THOUGHT.
Comment by Julia (DVSA) posted on
Hi John
The point of the user coming up with a password is that only they know it. If the system generated one arguably we have the users password stored somewhere – so it won't be as secure. Also a computer tends to produce obscure passwords with random letters/numbers – this would likely lead to more people writing them down and again could be less secure.
Also passwords are required to be reset every 80 days not 30.
Comment by chris burland posted on
well for the scheme that was great worked well training very good it has fallen apart .how can we be checked by pc do you know who is answering questions, same as garage checks, phone and ask questions it is just mad . have work at a few testing and see a lot of different standards .. and keep calling it a roadworthy est is a joke ,until you add at lest the spare wheel to test, vehicle is not roadworthy a just safety check .started testing in 76 went on to do class 1-2-3-4-5-7 .now just about finished working see things that make no different to safety as failures ?
Comment by Paul Brookes posted on
re introduce the vt26 and photo to ensure that the person who tests yopur vehicle is in fact the nominated tester
Comment by Julia (DVSA) posted on
Hi Paul
Only a tester with that role at a VTS can issue a certificate. This is traceable to DVSA by their log in details if there is a problem.
Comment by phil littlewood posted on
Is this another justification for so ones job, the smart card is the thing that makes it safe, a random number generator can't be remembered. If some one got your pass word, it's still no good without, the card. To me using the card once is stupid, what is annoying is you having to input your user name in everytime, ok if you have to sigh out to let another tester log in then it's unavoidable. The biggest threat is from dodgy testers, making elligal tests, not the public. Also which is stupid, if you have forgot you card and need to log in using your secret rememberable questions, the answers are visible,not asterisked, if some one gets rhem they don't need any password or smart card as it override the security, please leave it as it is, its safe and, make the secret information invisible with an option to see if required. This is obviously someone's idea who doesn't use it in real life. Dont fix that's not broke, effort should be used to bring defective sock absorbers back in to the test,what's the point in failing it for a djective bush etc when the thing doesn't damp anyway, major error Stupid.
Comment by Julia (DVSA) posted on
Hi Phil
The card will be used still to access initially and if any log in details change. A user is ultimately responsible for their account security, just like a bank, so log in details should not be shared/written down where they could be found. If using security answers then you need to make sure no one is watching – just like entering your bank PIN code. Obscuring answers was considered but may cause more problems if users think they have entered correctly but cannot check. If you're not confident that your security answers are secure then log in as normal and change them under 'Your profile' at any time. This idea was introduced by users who are on the system every day and have up to date IT security requirement knowledge.
Comment by John smith posted on
How can someone with only your password issue an mot as stated when the security card is required?
Comment by Julia (DVSA) posted on
Hi John
To issue an MOT you need to be a recognised tester on the system, hold the tester role at the VTS and log in initially with username, password and 2FA card. After that, as a tester, you can use just username and password but only if all log in details stay the same, so if you're at the same site.
Comment by castrolrob posted on
incorrect,to issue an mot you have to have access to the id and password of a registered tester and currently you would also need their card unless you had access to their security answers.the SYSTEM doesn't know whether someone entering these details is the actual tester or not,my guess is some of the fraudsters are claiming to have been hacked in some way when caught lending someone else all of the above to cover holidays or similar.card or no card someone willing to do this is not going to be deterred by a once a day use of their card,quite the reverse,i expressed all the above concerns and others when these cards were first mooted as this was also an issue under comp 1.
Comment by Hamid Khan posted on
Why don you introduce fingerprint system login instead of security card and its secure and fraudulent mots will be drop down to 100% and system will 100% secure
Comment by Gary posted on
No idea what this is about. When my MOT is due I ring a garage and book the car in. So what on earth is a security password needed for? So confused as I'm not a net geek. I preferred the old ways. Wasn't much fraud b4 the internet imposed itself on us all. Why the he'll do an ordinary Joe need a MOT Testing Security blah blah...? And why would anyone want to log in everyday? So confused.
Comment by Julia (DVSA) posted on
Hi Gary
This procedure is for MOT testers at a garage, not for the public taking their car in for a test. Motorists will still book their car in for an MOT in the usual way and nothing has changed for them.
Comment by Julian posted on
One log per day using the security card will be a great help as I usually test 9 cars a day plus retests .
It would be beneficial to me if you made the monthly reports in a more printer friendly format as my reports for my test station are never the clearest when printed and could be a lot better making it easier to use the information at a glance not a big effort .
Comment by Baz posted on
Surely the safest way is to continue using the security card every time we log on- passwords can be hacked but security cards are surely 100 per cent foolproof? I heard that the reason behind changing to using once a day is down to expense- how true is this as I dont find it time consuming using my security card
Comment by TONY posted on
WHAT IS THE PROBLEM WITH USING YOUR SMART CARD EACH TIME
Comment by Michael Grimbley posted on
Nothing it's more secure
Comment by Andrew posted on
There is no problem
Comment by peter posted on
If you currently have to use you card to login it is a more secure way than only using once per day changing the way passwords work will not make the system more secure liking a person to one MOT station and querying any MOT logged on to a different site will stop any unauthorized miss use if you work in two or more stations you will have to put up with it. It is your job.
Comment by robert d speakman posted on
i think its a good thing only to log in once a day and to have good passwords,
Comment by Ian Hanson posted on
All sounds good and sencable thank you ?
Comment by Stuart posted on
Surly the most secure part of the logging in system is the random card number generator and your getting rid of this apart from the first log in to save time ! Pressing one button and reading 6 numbers isn’t exactly time consuming
Comment by Harpers Pitstop posted on
Yes who complained about it nobody I know , simple and secure to press six numbers.
Comment by kerry wilson posted on
its not hard is it pressing for a number at least its a unique combination
just for yourself ...
Comment by John posted on
All you have to do increase security is use a program not a website and each program has to be signed to the ip address of the computer and each program will only work with that ip address, use a finger print scanner or Face ID will be the most secure way of logging on password on a website can be hacked so easily like any other website
Comment by Ian Richards posted on
Great idea logging in once per day provided same pc is used
Comment by Simon ward posted on
One issue I have found is that when I purchase test slots the system doesn’t seem to remember my payment card details. Every time I pay with the same card I press the relevant button to do this but still have to type in all the card details again to pay. This takes quite a while and is quite frustrating.
Comment by Phil posted on
Doing away with the security card PIN at every login will make it LESS secure!
Comment by John m Beckett posted on
We should use the old smart card & reader...was the best..I hate passwords, as to keep changing them makes life difficult. There’s too much to remember with the mot manual for testing let alone changing passwords every 6 weeks..I can never remember my new one for the first week!! And all the new stuff introduced is a pain with different dates and items..why can’t the DVSA just put it all on one sheet to print off and study..!
Am 61 ...going on 62...if I could pack in I would..it’s got more faffy since I started in 1972 ,73....! But can’t afford to...!
Comment by Len posted on
I agree John I'm similar age and it's a proper pain with all the dates and new introduction, I know when a car is safe or not
Comment by John m Beckett posted on
Yes we should do... ive been at it since I left school at 15 1/2 yrs old...lol..,
Comment by C. Greenhough posted on
More red tape . Change for change sake . People want to keep the status quo. Small wonder you cannot get testers. You are sleep walking into a crisis of your own making
Comment by martin posted on
We waste more time looking for items in the new manual which still isn't really fit for purpose with all the omitted rfr's and unbelievably poor grammar.
Please rectify the above as you have not had one complaint about the time spent logging in.
Comment by Robert Moore posted on
All the passwords in the world won’t help anything it’s mearly a register being filled in , it’s the testers discretion what he types in what you read not the quality of the mot he’s just done your getting only what’s typed in what you want typing in times stats there all what your asking for and testers dare not do otherwise for fear of being punished not educated, so they sit with therecoffe watching the clock go round even though they have done the test corrrectly it’ll stand out to you and then you’ll come down like a ton of bricks on him. You should be concentrating on the vehicles after the mot, compututerisation was nothing more than a digital register snd still is today!
Comment by Callum posted on
Only using the security card once a day is a great idea, seeing as I do 10+ a day, it gets abit tedious. Plus my cards don't seem to last.
Comment by Mark posted on
I don't like testing anymore it's like been in mi5
Comment by Stuart Lankford posted on
Hi
I actually think the system is brilliant and very user friendly. The only thing I frequently miss is when my slots run low. Is there any way a prompt can be sent when say you drop below 10 remaining test slots. Its only a minor thing and as I say I think the system is very easy to navigate and easy to understand. regards
stuart Lankford.
Comment by dave. posted on
more difficult passwords make the need to be written down to remember them, we have passwords for every account we use online, thumb print or retina scan is whats needed
Comment by Martyn posted on
I find it far less of a problem using my card every time I log on then coming up with a new password every 30 days
Comment by dave bs posted on
agreed
Comment by Salim posted on
I think it's great idea.. If you're working at 2 places it will help us to choose the right garages name. Because I have mistakenly logged car in and not knowing till later.. then ringing help desk.
Comment by Joseph Conlon posted on
So the only keep on you ...no one else will ever know password will be stored all day .....thats clever
Comment by An Admirer and real person posted on
Looks like the think tank is active again why don’t you introduce a DNA test for logging on worth a thought ?
Comment by tom posted on
Proper sentences and correct grammar on Dvsa pass/fail descriptions could improve the image of the tests and garages.
Comment by MR JB ARPINO posted on
IN YOUR FIRST PARAGRAPH ON HOW TO IMPROVE SECURITY WHAT DO YOU MEAN BY HOW OFTEN DO WE NEED TO USE OUR SECURITY CARD?
Comment by Julia (DVSA) posted on
Hi
It's explained further down the article that you'll only need to use your security card once a day to log in instead of every time you do an MOT.
Comment by James perry posted on
How about putting proper failure situations back in the test ie shock absorbers that will cause a massive impact if your car careers of the road and kills some one rather than an a advisory of slightly reduced damping effect surely peoples safety is better than a password and security pin ?
Comment by DAVID DUDLEY posted on
I AM ALL FOR ONLINE SECURITY, YES IT IS A PAIN THINKING OF PASSWORDS ALL THE TIME BUT IT BETTER SAFE THAN SORRY AS THE SAYING GOES.
Comment by Dean A Townsend. posted on
"We’re updating the MOT testing service so you’ll only have to use your security card to log in once per day. After that, you’ll only need your username and password." This is great thing to do its such a pain to have to use the code every time you log in. Especially when its busy
Comment by jim forsyth posted on
glad to see the logging in process has changed and this will save time and also extend the life of the smart cards.