New figures reveal that over 200,000 users of myGov password stopped using passwords in favour of exclusively using passkeys as their login method by the end of last year.
Over half a million myGov users have now set up passkeys to log into their accounts in the first six months of the authentication method going live.
The passkey solution was first launched on June 30, 2024, with 20,000 myGov users setting up the phishing-resistant credentials within the first week.
A new report [pdf] by the Digital Transformation Agency revealed that the passkey project cost $5.6 million.
Of this, $3.3 million was spent on the design, development, implementation, deployment and testing of digital capability.
Former government services minister Bill Shorten unveiled plans to implement passkeys for myGov, removing the need for username-password credentials that are often the target of phishers.
Passkeys rely on the biometric capabilities of the user’s device or a PIN or swipe pattern on the screen.
Alternatively, they can be a physical USB device that is “inserted into or [kept] close to the device” used to sign into myGov.
According to the DTA’s Major Digital Projects Report 2025, the myGov passkeys “use the latest in cryptographic keypair technology”.
“Using a passkey and disabling a password makes myGov accounts resistant to phishing attacks because the passkey only works with the website or app it is created on, which means it will not work on a phishing website,” the report said.
The report also reiterated Shorten’s earlier statement that Australia is “among the first digital government services in the world to implement passkeys.”
