SingPass 2FA deadline extended
THE deadline to sign up for SingPass' new two-factor authentication (2FA) came and went yesterday but access to sensitive e-government transactions was not disrupted.
This is because the Infocomm Development Authority (IDA), which administers SingPass, has adopted a more graduated approach to the process that saw just half the number of potential users sign up when the deadline passed.
Those that have not signed up will be given more time.
Based on the original deadline, all 3.3 million SingPass account holders should have 2FA activated by yesterday. Otherwise, they would not have been able to transact with the Central Provident Fund Board, Inland Revenue Authority of Singapore, Ministry of Manpower and Accounting and Corporate Regulatory Authority.
But now, once those who have not signed up log in for the first time from today, they will have one further month to register and activate their SingPass 2FA. This means the one-month extended deadline is different for different users.
"This one-time grace period helps to minimise disruption and provide flexibility to different users who have not set up their 2FA and need to perform urgent e-transactions," said Chan Cheow Hoe, IDA assistant chief executive.
So far, about half of all SingPass users - or 1.6 million of them - have signed up for 2FA. Those who have 2FA are among the two million active SingPass users.
"While the majority of regular SingPass users are 2FA-ready, we recognise that the remaining 400,000 regular users may need more time to set up their 2FA," said Mr Chan.
The 2FA feature was launched last July to counter security breaches.
It uses a randomly generated one-time password (OTP) delivered via SMS or a OneKey token that looks like a mini-calculator.
The OTP must be entered together with the usual SingPass requirements of a password and NRIC number for accessing e-government services.
The sign-up process involves users updating their particulars on the SingPass website and then selecting either SMS or token as the medium for receiving the OTP.
IDA said the deadline will not be extended forever due to security concerns.
It will monitor the sign-up rate of the remaining 400,000 regular SingPass users before deciding when to remove the deadline extension.
"The security of user accounts remains our priority," said Mr Chan. "A range of mitigating measures, such as fraud analytics tools, have also been deployed to ensure the security of SingPass accounts for users who are in the process of setting up their 2FA."