According to Government Services Minister Bill Shorten, the introduction of more secure login options will modernise and better secure Australia’s myGov accounts.
“Passkeys will be introduced to bring myGov further into the 21st century, allowing Australians the ability to use biometric options such as facial recognition to access the site.
“These important sign-in alternatives are familiar to many Australians and are a key safeguard against scammers who use phishing tactics to harvest personal information, like people’s date of birth, to fraudulently access accounts,” he said.
The Albanese administration has raised security concerns regarding myGov. Minister Shorten recently disclosed that myGov scams have led to losses totaling $3.1 billion, with 4,500 successful scams reported just this year. In response, a proactive measure has been taken to suspend thousands of myGov accounts to prevent potential scams.
At the press conference, Minister Shorten said the government planned to upgrade the security of the myGov system. As a result, it will benefit from a number of changes to how customers can sign in, ensuring that accounts and personal information remain protected, he said.
“What we want to do in the future, and we will do it in the first six months of next year, is that we want to use the security capabilities and functionalities of your smartphone or your Android phone and that can be the way you access myGov.
“It’ll be harder to be a victim of phishing schemes and scams, if you use the facial recognition software on your phone as your means to access government services,” he said.
Alongside the new announcement, Minister Shorten said the government was working to improve online defences and develop a digital ID that would consolidate verification and eliminate security flaws related to having passwords.
Government sources believe people reuse their passwords at least 50% of the time, making it possible for hackers and scammers to use the stolen passwords to access other online accounts.
Minister Shorten indicated that the government is actively enhancing online defenses and creating a digital ID system aimed at streamlining verification processes and mitigating security vulnerabilities associated with passwords.
Passwordless Authentication Methods
Passwordless authentication methods aim to provide secure access to systems or applications without requiring users to enter traditional passwords. Two common passwordless authentication methods are facial recognition and passkeys.
- Facial Recognition:
  - How it works: Facial recognition uses biometric data from an individual’s face to verify their identity. The system captures and analyses facial features, such as the distance between the eyes, nose, and mouth, to create a unique facial template.
  - Authentication process:
    - Enrollment: Users register their facial features during an initial setup. The system captures and stores the unique biometric data.
    - Authentication: During subsequent login attempts, the user’s face is captured using a camera or other sensors. The system compares the captured data with the stored template to verify the user’s identity.
  - Advantages:
    - Convenient: Users only need to present their face, eliminating the need to remember and input passwords.
    - Secure: Biometric data is unique and difficult to forge.
  - Challenges:
    - Accuracy: Environmental factors, changes in appearance, or low-quality images can affect accuracy.
    - Privacy concerns: Storing and handling biometric data raises privacy issues that must be addressed.
- Passkeys:
  - How it works: Passkeys involve the use of a device or token that the user possesses, such as a mobile phone or a hardware security key. This device serves as a unique identifier for authentication.
  - Authentication process:
    - Enrollment: Users associate their account with the passkey device during the initial setup.
    - Authentication: When logging in, users present the passkey, either by inserting a hardware token or using a mobile app. The system verifies the validity of the passkey.
  - Advantages:
    - Enhanced security: Physical possession of the passkey is required for authentication.
    - Versatility: Passkeys can take various forms, including hardware tokens or mobile apps.
  - Challenges:
    - Loss or theft: If the passkey device is lost or stolen, it could potentially be used for unauthorised access.
    - Cost: Deploying and managing passkey devices may involve additional expenses.
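How the passkey enrollment and authentication steps above fit together, as an added example (not code from myGov or from this article): a simplified ceremony modelled on WebAuthn, in which the device holds a private key and the server checks the signature, the challenge and the origin. The two origins and all function names are constructed for illustration.

```javascript
// Simplified passkey ceremony modelled on WebAuthn (added illustration).
// Real WebAuthn signs CBOR authenticator data plus a hash of the client data;
// this keeps only what is needed to show the server's checks.
const crypto = require("node:crypto");

const RP_ORIGIN = "https://portal.example";              // constructed genuine site
const LOOKALIKE_ORIGIN = "https://portal-login.example"; // constructed counterfeit

// Enrollment: the device makes a key pair; the server keeps only the public key.
function enroll() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ec", { namedCurve: "P-256" });
  return { device: { privateKey }, server: { publicKey } };
}

// Server: a fresh random challenge per sign-in attempt.
const newChallenge = () => crypto.randomBytes(32).toString("hex");

// Device: after the user unlocks it (face, fingerprint or PIN), sign a record
// of the challenge and of the origin the browser is actually on.
function deviceSign(device, challenge, browserOrigin) {
  const clientData = JSON.stringify({ type: "webauthn.get", challenge, origin: browserOrigin });
  return { clientData, signature: crypto.sign("sha256", Buffer.from(clientData), device.privateKey) };
}

// Server: check the signature first, then the challenge, then the origin.
function verifyAssertion(server, expectedChallenge, { clientData, signature }) {
  if (!crypto.verify("sha256", Buffer.from(clientData), server.publicKey, signature)) return "bad-signature";
  const data = JSON.parse(clientData);
  if (data.type !== "webauthn.get") return "wrong-type";
  if (data.challenge !== expectedChallenge) return "wrong-challenge";
  if (data.origin !== RP_ORIGIN) return "wrong-origin";
  return "ok";
}

function demo() {
  const { device, server } = enroll();
  const c1 = newChallenge();
  const first = deviceSign(device, c1, RP_ORIGIN);
  const c2 = newChallenge();
  const edited = { ...first, clientData: first.clientData.replace(c1, c2) };
  return {
    genuine: verifyAssertion(server, c1, first),
    // Signed while the browser was on the counterfeit site, then relayed.
    relayed: verifyAssertion(server, c2, deviceSign(device, c2, LOOKALIKE_ORIGIN)),
    replayed: verifyAssertion(server, c2, first),  // old assertion, new challenge
    tampered: verifyAssertion(server, c2, edited), // challenge rewritten after signing
  };
}

console.log(demo());
```

The server stores only a public key, so nothing a user could type into a counterfeit form, and nothing held in the server's database, can be reused to sign in.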
In tandem with the shift away from passwords, the federal government announced a new advisory group aimed at enhancing the security of myGov and safeguarding user data.
Minister Shorten also revealed the establishment of the group, citing a myGov user audit that identified the platform as critical national infrastructure, making the appointment of such a group a crucial recommendation.
Heading the advisory group is Victor Dominello, former NSW minister for customer service and digital government.
“I’m thrilled Mr Dominello has accepted my invitation to lead the new advisory group, which will provide me with advice and assurance on approaches to designing, funding and prioritising customer-centred improvements for myGov.
“Victor Dominello is one of Australia’s top innovators, and his leadership, influence and passion for customer-centred digital service delivery has already delivered significant benefits to New South Wales residents during his time as a minister.”
Minister Shorten said the announcement is just one way the Albanese Government is restoring myGov, with opportunistic scammers next on the hit list.
“In addition to the new Advisory Group, myGov will also soon benefit from a number of changes to how customers can sign-in, ensuring that accounts and personal information remain protected,” Minister Shorten said.
“Passkeys will be introduced to bring myGov further into the twenty-first century, allowing Australians the ability to use biometric options such as facial recognition to access the site.
“These important sign-in alternatives are familiar to many Australians, and are a key safeguard against scammers who use phishing tactics to harvest personal information, like people’s date of birth to fraudulently access accounts.
“I look forward to working with the Advisory Group on further measures to improve the site, bolster security, and lock out the scammers,” he said.
myGov Accounts Suspended – Scam-In-A-Box
Last week, the federal government disclosed that a significant number of myGov accounts are suspended monthly due to apprehensions of unauthorised access facilitated by “scam-in-a-box” kits available for purchase on the dark web.
In certain instances, these kits include security features that enable wrongdoers to orchestrate numerous scams simultaneously, swiftly shutting them down to evade detection.
Some kits possess the ability to recognize interactions with tech-savvy users, guiding them to the authentic myGov website. Counterfeit websites often closely mimic the genuine version.
An advertisement encourages buyers by asserting that a majority of Australians already possess a myGov account. It suggests obtaining login credentials and ensuring the linkage of the Australian Tax Office to their account is all that’s required.
Australians have already incurred losses of $3.1 billion to scams this year, and myGov, hosting critical data from Centrelink, the Australian Tax Office, and Medicare, remains an enticing target for criminals seeking to pilfer sensitive information.
In the upcoming year, the government plans to implement passkeys, utilising face or fingerprint recognition instead of conventional usernames and passwords. The new proactive measure aims to significantly enhance security, rendering it more challenging for scammers to illicitly access accounts.
In August, the Australian Tax Office cautioned individuals about the dangers of engaging with fraudulent emails and text message scams that lead recipients to counterfeit myGov websites.
These deceptive communications commonly claimed, falsely, that individuals were entitled to a tax refund or required to verify their bank account details, guiding them to deceptive websites.
An ATO spokesperson noted, “We are observing a rising volume of reports concerning various ATO impersonation SMS and email scams.”