Top Stories


    Jul 08, 2014

    Another safety net soon for govt e-services

    THOSE accessing government e-services that involve sensitive data and transactions may soon have to enter a one-time password sent via SMS or security tokens.

    More details will be announced later this year, Minister for Communications and Information Yaacob Ibrahim said in Parliament yesterday, in response to questions on the recent SingPass breaches.

    Some 1,560 SingPass accounts were compromised last month.

    Two-factor authentication, which could include a one-time password and is now being mooted for SingPass, is already standard protection for e-banking here, and is one of the measures proposed to improve security.

    "We are also exploring mandating more frequent password changes for SingPass accounts...We seek the public's understanding and patience for this," said Dr Yaacob.

    In addition, the Infocomm Development Authority will implement a new SingPass system by the third quarter of next year.

    The new system will require stronger passwords, and users may set their own usernames instead of using their NRIC numbers.

    SingPass secures access to more than 300 e-government services.

    "These additional authentication steps will allow for greater peace of mind when performing sensitive online transactions," noted Dr Yaacob.

    He also confirmed that last month's SingPass breaches were not due to any system vulnerability, following a "further round of review of the different layers of protection at the network and the application level".

    Three of the 1,560 compromised SingPass accounts were fraudulently used to make six work-pass applications. The applications have since been cancelled, but it is not known who applied for them and when they were made.

    Police are investigating how the other accounts were breached.

    On how the perpetrator may have obtained users' SingPass credentials, Dr Yaacob said: "One possibility is the widespread use of simple passwords.

    "Another possibility is that malware was installed in users' computers."

    He urged Singaporeans to secure their own systems, "such as making sure that your computer software and anti-virus software are always updated".