Passkey technology
strengthens myGov security
Tier 3
$5.6 million investment
(Digital $3.3 million)
Over 500,000 users
my.gov.au/passkeys
The Phishing Resistant Credentials in myGov
Project has delivered passkey technology to prevent
phishing- related attacks on myGov accounts.
Phishing attacks deceive individuals by posing as
trusted organisations to obtain their login details.
Recently, myGov has seen a significant rise in such
impersonation scams.
In June 2024, Services Australia delivered a phishing-
resistant sign in credential known as a ‘passkey’
to myGov. Individuals can now disable their myGov
password and use a digital ID (Digital Identification)
or passkey instead. This helps prevent scammers from
accessing myGov accounts with stolen credentials or
phishing scams.
Passkeys use the latest in cryptographic keypair
technology and are simple to set up and use with
a myGov account. Using a passkey and disabling a
password makes myGov accounts resistant to phishing
attacks because the passkey only works with the website
or app it is created on, which means it will not work on a
phishing website.
Keys to success
To successfully deliver this project, Services Australia:
• conducted social market research to understand user,
community and stakeholder attitudes towards security
and sign in options, awareness of passkeys and
potential drivers and barriers to adoption
• based the technical build on use and adoption of
open, industry leading authentication standards
• implemented user centred design based on myGov
user experience
• employed iterative testing, integrating testing with all
myGov member services, using a 3-month private beta
with hundreds of users, releasing via a soft launch in
June 2024.
In the first week, more than 20,000 myGov users set up
a passkey. By the end of December 2024, over 500,000
users had a passkey connected to their myGov account
and over 200,000 had turned off their myGov password.
This is one of the first digital government services in the
world to implement passkeys.
It’s so simple and easy to use and I feel all of my
myGov information is safe from hackers.
myGov user
The Australian Government’s digital projects | MDPR 2025 | DTA 12
How the Australian Government
manages its digital projects
to support success
This section explains how digital projects are supported from
the centre of government including through a world-leading
investment management framework specifically designed
to create the conditions digital projects need to succeed.
Reforms
supporting
success
Ensuring digital projects deliver expected benefits
for Australians on time and on budget sits at the heart
of each of the reforms highlighted throughout this report.
How the Australian Government manages its digital projects to support success | MDPR 2025 | DTA 13
How digital projects
are monitored and
supported from the
centre of government
In the past year, more projects have come under
central monitoring and oversight as part of the
Australian Government’s Digital and ICT Investment
Oversight Framework (IOF).
This world-class framework is designed to ensure
digital projects are strategically aligned, carefully
prioritised, meet digital policies and standards,
and realise expected benefits for Australians.
The IOF starts with setting a clear strategic
direction, which is then reinforced throughout
the lifecycle of project design, funding and
implementation. Throughout this lifecycle,
best-practice digital policies and standards set
clear requirements with agencies supported to
meet these requirements by the DTA.
IOF Digital and ICT Investment
Oversight Framework
Six interconnected states delivering coordinated advice and action for
government in ensuring projects deliver to expected benefits and outcomes.
Pre-budget
Strategic planning
Defines the
Australian Government’s
digital and ICT-enabled
investment portfolio and
its future objectives and
identifies capability gaps.
Prioritisation
Prioritises, plans and advises
on investments to deliver on
the Australian Government’s
digital and ICT objectives.
Budget
Contestability
Ensures proposals
are robust and meet
whole-of-government
digital standards immediately
prior to government
consideration.
Implementation
Assurance
Provides assurance to the
Australian Government that
investments are on-track to
deliver expected benefits/
throughout delivery.
Sourcing
Ensures the Australian
Government obtains the
best value for money from
digital and ICT-enabled
investments.
Ongoing
Operations
Regular data collection
provides intelligence
on the size, health and
maturity of the Australian
Government’s digital and
ICT-enabled investments.
How the Australian Government manages its digital projects to support success | MDPR 2025 | DTA 14
Key principles
for good assurance
Plan for assurance
Drive good decisions
Expert-led and independent
Culture and tone at the top
Focus on risks and outcomes
Reforms supporting success
Enabling project success through good assurance
Since 2021, the Australian Government has invested
in strengthening central oversight of digital projects.
This central oversight works to ensure best practice is
systematically applied as digital projects are designed
and delivered across agencies. By driving the adoption of
best practice, central oversight plays a key role in giving
each digital project the best chance of success.
The Assurance Framework for Digital and ICT
Investments mandates global best practice in the use of
assurance for digital projects. While assurance doesn’t
in itself deliver outcomes, effective assurance is critical
to good governance and decision-making. All projects in
this report are subject to the Assurance Framework and
must apply its ‘key principles for good assurance’. These
principles draw on global best practice and, when applied
effectively, provide confidence that digital projects will
achieve their objectives, without leading to excessive
levels of assurance.
The Assurance Framework also includes escalation
protocols to support agencies to resolve delivery
challenges digital projects might encounter. Central
oversight of assurance also ensures that lessons
learned from across digital projects are systematically
incorporated into the design and delivery of future
projects to reduce the risk of delivery issues arising
in futur
- Get link
- X
- Other Apps
