Case Study: Carers ACT achieves passwordless, phishing-resistant access to sensitive health data with Yubico YubiKey

Carers ACT delivers quality carer interactions thanks to passwordless logins with the YubiKey

Carers ACT is an Australian non‑profit that supports unpaid family and friend carers across Canberra and Illawarra and handles highly sensitive client health records. Increasingly sophisticated spear‑phishing and credential‑compromise threats, combined with cumbersome passwords and legacy MFA (SMS/authenticator apps) on shared workstations, created security and operational challenges and drove frequent IT support for password resets.

To address this, Carers ACT deployed Yubico Security Key C NFC (FIDO2/WebAuthn) to all support workers and enforced it via Microsoft Entra/Conditional Access and Intune, enabling a passwordless, phishing‑resistant login experience. The rollout simplified access on shared devices, cut password‑reset support costs, improved staff login friction, met stronger compliance requirements, achieved strong user adoption, and freed staff to focus on delivering care.

Carers ACT

Thomas Pike

ICT Innovation Lead