The usual resistance factors to the adoption of passkeys could be at play here…
The government of Australia recently announced the adoption of passkeys for their citizens’ digital identity portal, myGov, in order to enhance security against account takeover attacks.
In the past, thousands of myGov accounts were suspended every month, as turnkey scam kits sold on the Dark Web enabled more cybercriminals to phish for login credentials.
However, despite the launch of better security features, reports have indicated that there were around 20,000 sign-ups in the week of the launch, pointing to a need to increase the take-up rate.
Passkeys tackle many problems associated with traditional passwords, such as vulnerability to brute force attacks, phishing and credential stuffing, especially when passwords are reused or weak. By eliminating the need for complex passwords and offering built-in phishing protection, the myGov passkeys make unauthorized access much more difficult. They also streamline the sign-in process, reducing the burden of managing multiple passwords and encouraging stronger security practices.
According to Darren Guccione, CEO and co-founder, Keeper Security: “Passkeys utilize public-key cryptography, replacing traditional passwords with a pair of cryptographic keys: a private key stored securely on the user’s device and a public key registered with the service provider. The authentication process with passkeys, though technically advanced, is simplified for users through biometric challenges. When a user attempts to access their myGov account, the service provider sends a challenge to their device. The device then signs this challenge with the private key and returns the signed response for verification. Since the private key never leaves the device, passkeys offer robust protection against phishing attacks.”
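The challenge-and-signature exchange described in the quote can be sketched as follows. This is an added example, not myGov's or Keeper's code, and it is a simplified model rather than the WebAuthn wire format. It goes slightly beyond the quote by also signing the origin, as WebAuthn does; the origins and all function names are constructed for illustration.

```javascript
// Added example: simplified passkey-style challenge/response (assumed names throughout).
const nodeCrypto = require('crypto');

// Registration: the key pair is created on the device; only the public key goes to the service.
function registerPasskey() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { devicePrivateKey: privateKey, serverPublicKey: publicKey };
}

// Service side: a fresh random challenge for every sign-in attempt.
function issueChallenge() {
  return nodeCrypto.randomBytes(32).toString('base64url');
}

// Device side: sign the challenge together with the origin the browser is actually on.
function deviceSign(devicePrivateKey, challenge, origin) {
  const clientData = JSON.stringify({ challenge, origin });
  const signature = nodeCrypto.sign('sha256', Buffer.from(clientData), devicePrivateKey);
  return { clientData, signature };
}

// Service side: verify the signature first, then that it covers our challenge and our origin.
function serverVerify(serverPublicKey, expectedChallenge, expectedOrigin, response) {
  const data = Buffer.from(response.clientData);
  if (!nodeCrypto.verify('sha256', data, serverPublicKey, response.signature)) return 'bad-signature';
  const { challenge, origin } = JSON.parse(response.clientData);
  if (challenge !== expectedChallenge) return 'stale-challenge';
  if (origin !== expectedOrigin) return 'wrong-origin';
  return 'ok';
}

function runDemo() {
  const RP = 'https://portal.example';            // constructed service origin
  const LOOKALIKE = 'https://portal-login.example'; // constructed look-alike origin
  const { devicePrivateKey, serverPublicKey } = registerPasskey();
  const c1 = issueChallenge();
  const good = deviceSign(devicePrivateKey, c1, RP);
  const c2 = issueChallenge();
  const relayed = deviceSign(devicePrivateKey, c2, LOOKALIKE);
  // Rewriting the signed data after the fact invalidates the signature.
  const tampered = { ...relayed, clientData: JSON.stringify({ challenge: c2, origin: RP }) };
  return {
    legitimate: serverVerify(serverPublicKey, c1, RP, good),
    replayedOldResponse: serverVerify(serverPublicKey, c2, RP, good),
    signedOnLookalike: serverVerify(serverPublicKey, c2, RP, relayed),
    originRewritten: serverVerify(serverPublicKey, c2, RP, tampered),
  };
}

console.log(runDemo());
```

Only the first response is accepted: a captured response fails against a new challenge, and a signature produced on a look-alike origin cannot be made to pass without the private key.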
In the past, passkey adoption around the world has posed challenges. Users familiar with passwords have been reluctant to switch to a new authentication method without fully grasping its benefits, Guccione added: “Additionally, since passkeys are linked to specific devices, accessibility can be an issue. This is where password managers can play a crucial role, as they allow users to store both passwords and passkeys securely, ensuring access from any device or platform.”