Making vaccine passports work

Vaccination passports are in many ways a natural evolution of contact tracing technology, writes Johan Fantenberg.

Johan Fantenberg

Contact tracing apps have been a crucial tool for public health officials to curb outbreaks to date, enabling quick notifications to those who have been close to someone who has tested positive for COVID-19.

Vaccination passports are in many ways the evolution of this, and will be used to easily track and trace who’s been vaccinated against the virus.

As we continue to navigate our way out of the ongoing COVID-19 pandemic, digital vaccination passports will play an increasingly critical role in how we reopen both locally and internationally as more countries open up their borders again. 

While discussion over the exact applications of these vaccine passports is still ongoing, now is the time for both state and federal governments to come together and map out how to ensure they are both accessible and secure in the eyes of the Australian public.

Protecting data

This includes ensuring that the underlying personal and private data is protected, and that only necessary data is disclosed when proving your vaccination status.

In many cases a simple ‘yes’ or ‘no’ indication should be all that is needed, whilst in other cases more details may be required. 

The user should always be in control of what level of details they are prepared to disclose. This may of course impact what services that can be provided. Keeping vaccine passports uncomplicated and transparent.

Government and industry collaboration will be critical to identifying the most secure and accessible ways of implementing a successful vaccine passport system across Australia.

Central hub

The NSW Government’s recent establishment of a Digital Identity Ministerial Advisory Council (DIMAC) to help build a strategic direction and roadmap for digital identity in the state is an encouraging step in this occurring more broadly across Australia in other states and federally. 

Other nations have already implemented similar passport systems, which can help guide Australia’s own approach. For instance, France  introduced a pass needed to enter cinemas, museums, sports venues and events or places catering to over 50 people.

Earlier in 2021, Israel introduced a green pass QR code system to show vaccination status. The European Union has also implemented a vaccine passport system that allows travellers fully vaccinated with certain vaccines to move freely within the region.

These different systems highlight that regardless of whether Australia’s own vaccine passport system ends up relying on QR codes or different applications to store vaccine information, the first step in a successful Australian vaccine passport system lies in establishing a central system or application for housing this information.

This approach will be similar to how the myGov platform works as a hub connecting personal information from different areas like health and tax. This will enable the easy development of wider vaccine passport systems to easily ‘plug in’, whether that is for granting entry to local venues, crossing state borders or providing vaccination status when travelling abroad.

More importantly, this centralised approach to vaccine information will enable citizens to see exactly how their information is being used throughout the passport process to put trust at the forefront of this service. 

Beyond passwords

Looking beyond passwords to enhance securityAlongside this centrality, another consideration lies in developing the best means for citizens to log into these passport platforms.

With vaccine passport platforms handling such personal information for each citizen, traditional logins and passwords won’t cut it.

Methods of logging into services securely have evolved significantly to also ensure ease of use. There are now many new means of logging in that remove the hassle of remembering specific details like usernames, emails, and passwords to minimise the potential for malicious actors to target these platforms. 

Examples of this include multi-factor authentication (MFA) or biometric authentication. These new ways of logging into services are paving the way for more passwordless authentication, through which users can provide a pin-protected external authenticator or biometrics that are native to devices like Touch ID. 

By having the login process for these vaccine passport systems based on a unique authentication feature, like a fingerprint, PIN, or voice recognition, it creates a new layer of security that is also convenient for the user.

Additionally, measures like this also improve the overall user experience by tying a new layer of personalisation to the login process so that they don’t have to memorise the same IDs and passwords, ensuring the passport system is easy to use. 

As the COVID-19 pandemic continues to evolve, digital vaccination passports will be key to how we reopen both locally and enable safe international travel again. While discussion over the exact applications of these vaccine passports is still ongoing, now is the time for both state and federal governments to map out exactly how to best ensure they are both accessible, secure, and trusted for the Australian public to use easily.

Johan Fantenberg is Principal Solutions Architect at ForgeRock

Comment below to have your say on this story.

If you have a news story or tip-off, get in touch at  

Sign up to the Government News newsletter

One thought on “Making vaccine passports work

Leave a comment:

Your email address will not be published. All fields are required