Saturday, 4 July 2015

More secure SingPass being rolled out on 5 July 2015

It will use two-factor authentication to protect users' personal data
By Lester Hio, The Straits Times, 3 Jul 2015

Users will be able to sign up for a new, more secure SingPass on Sunday that will have enhanced security features to better protect sensitive transactions.

The enhanced SingPass will use two-factor authentication (2FA) to protect personal data, the Infocomm Development Authority (IDA) said yesterday.

SingPass is a password that secures Singapore residents' access to more than 200 e-government services. The enhanced access will initially be voluntary, granted to those who sign up for it by logging on to the SingPass website and registering for 2FA.

But from July 5 next year, it will be mandatory for all SingPass accounts to be secured with 2FA.

With 2FA in place, a one-time password will be sent out for any transaction that involves sensitive data, such as checking Central Provident Fund account balances or filing taxes. This is in addition to logging in with the usual SingPass and user name.

The one-time password will be sent through an SMS or randomly generated on a OneKey token.

Those who own a OneKey token can link it to their SingPass accounts from Sunday.

A token and separate pin mailer password will be sent within five working days to those who register for one.

More than 100 government e-services will offer 2FA when the enhanced SingPass is launched. Users who use these services from Sunday will be prompted to sign up for it. These include applying for work permits or employment passes online through the Ministry of Manpower.

The agency was affected by a SingPass breach in June last year, when 1,560 SingPass accounts were compromised, out of which three were used to make fraudulent work pass applications.

These enhanced security measures will protect against such breaches, said IDA managing director Jacqueline Poh. "Even if someone were to guess or find out your password, that's only one step of the verification. A perpetrator cannot look at your personal information or conduct sensitive transactions unless he has both your credentials and your phone or token."

Mr David Lee, 37, who runs a coding school for children, said: "When I first signed up for SingPass years ago, my password was very simple and could have been easily hacked. I'll register when it (the enhanced SingPass) is launched - it's up to the individual to protect his data."

Other changes will make SingPass more convenient for users, such as being able to immediately reset their SingPass online through a mobile phone, something that is not possible now.

No comments:

Post a Comment