Top Stories


    Jul 03, 2015

    Sign up for safer SingPass from Sunday

    USERS will be able to sign up for a new, more secure SingPass on Sunday that will have enhanced security features to better protect sensitive transactions.

    The enhanced SingPass will use two-factor authentication (2FA) to protect personal data, the Infocomm Development Authority (IDA) said yesterday.

    SingPass is a password that secures Singapore residents' access to more than 200 e-government services. The enhanced access will initially be voluntary, granted to those who sign up for it by logging into the SingPass website and registering for 2FA.

    But from July 5 next year, it will be mandatory for all SingPass accounts to be secured with 2FA.

    With 2FA in place, a one-time password will be sent out for any transaction that involves sensitive data, such as checking Central Provident Fund account balances or filing taxes. This is in addition to logging on with the usual SingPass and username.

    The one-time password will be sent via SMS or randomly generated on a OneKey token.

    Those who own a OneKey token can link it to their SingPass account from Sunday.

    A token and separate pin mailer password will be sent within five working days to those who register for one.

    More than 100 government e-services will offer 2FA when the enhanced SingPass launches. Users who use these services from Sunday will be prompted to sign up for it.

    These include applying for work permits or employment passes online through the Ministry of Manpower.

    The agency was affected by a SingPass breach in June last year, when 1,560 SingPass accounts were compromised, of which three were used to make fraudulent work pass applications.

    These enhanced security measures will protect against such breaches, said IDA managing director Jacqueline Poh.

    "Even if someone were to guess or find out your password, that's only one step of the verification. Perpetrators cannot look at your personal information or conduct sensitive transactions unless they have both your credentials and your phone or token," she said.

    David Lee, 37, who runs a coding school for children, said: "When I first signed up for SingPass years ago, my password was very simple, and could have been hacked easily. I'll register when it's launched - it's up to the individual to protect his data."

    Other changes will make SingPass more convenient for users, such as being able to immediately reset their SingPass online through a mobile phone, something that is not possible now.