Added security measures for SingPass by Q3 2015

TO enhance security for e-government transactions involving sensitive data, a two-factor authentication (2FA) feature will be introduced to the Singapore Personal Access (SingPass) by the third quarter of 2015, the Infocomm Development Authority of Singapore (IDA) announced on Thursday.

This could be a one-time "second-factor" password delivered through a token (hardware or software) or via short messaging service (SMS), Chan Cheow Hoe, assistant chief executive at the Government Chief Information Office at the IDA said, adding that this feature will likely bear similarities to systems used by banks today.

In the coming months, the IDA will be rolling out tenders for security technology companies to develop the 2FA features.

Upon launch, there will be a one-year transition period, when signing up for 2FA will be optional. Thereafter, the IDA will decide if more transition time is needed.

For better usability, by Q3 2015, SingPass will also include revised security questions to make it easier for users to reset their passwords online.

Mr Chan said: "We continue to strengthen the SingPass system to protect users and enable them to transact safely online when using SingPass. We monitor all SingPass accounts regularly and deactivate dormant accounts to ensure that citizens who are not using their accounts are not unnecessarily exposed.

"Similarly, when accounts are found to have unusual activities, we will also reset the passwords immediately. These are common precautionary measures adopted by industry to protect online users."

Launched in March 2003, SingPass is a gateway to more than 350 e-services, involving 64 government agencies. The most popular e-services are the accessing of Central Provident Fund (CPF) account statements as well as the e-filing of income tax.

As at end 2013, there were about 3.3 million registered SingPass users, including 400,000 inactive accounts. These are accounts that have not been used for at least three years.