You are here

SingPass system with enhanced security features to be launched on Sunday

The two-factor authentication (2FA) process of SingPass (Singapore Personal Access), used for a host of e-government services, has been simplified as part of ongoing enhancements to the system.

THE government will launch an enhanced SingPass system on July 5, 2015, which will include better user experience, mobile-friendly features and a two-factor authentication (2FA) for enhanced security.

According to an Infocomm Development Authority of Singapore (IDA) spokeswoman, the SingPass system has been enhanced to be easier and convenient to use with clearer instructions and more intuitive account management features. Users will be able to better navigate the site and access their account via mobile devices and update their SingPass account details easily online, she added.

As part of the enhanced security features, users will receive an SMS or email notification for any changes made to their profile. The 2FA authentication will be required for e-government transactions involving sensitive data, such as financial or health information or those that require high level of identity assurance.

Users will be able to choose either an SMS notification for a one-time pin (OTP) or would be able to use a OneKey token which has been linked to the SingPass account.

After the launch of the service on Sunday, users will need to update their SingPass account by providing and verifying their mobile number and email address, as well as by setting up their security questions and answers. After that, they would have to set up their 2-step verification process by either registering their mobile number or OneKey token.

The government will give a one-year grace period for the 2-step verification process, giving users the option to opt out of the process for any particular transaction. However, after July 5, 2016, all e-government transactions that require 2FA would require a second-level authentication. Around 60 per cent of the government's e-services require 2FA.