Two-factor log-in for e-government services kicks in

STARTING from Tuesday, a majority of government e-services will require two-factor authentication (2FA) for log-in and transactions. In addition to the SingPass username and password, users will need to enter a one-time password (OTP) sent via SMS or generated through a OneKey token in order to open and operate the e-government service.

The government introduced the two-step verification process in July last year as part of an effort to enhance personal data security of users. According to the Infocomm Development Authority of Singapore (IDA), around 80 per cent of the two million regular SingPass users have already applied for and activated their 2FA. The government categorises SingPass users as regular if they log on more than once a year. The rest of the 1.3 million of the total 3.3 million SingPass holders are not considered active because they probably don't need to use e-government services.

Around 400,000 of the active users are yet to set up their 2FA. The IDA is giving them a one-time grace period of 30 days from the time they next log-in to their SingPass account. Explaining this, an IDA spokesman clarified that the 30 days would not be counted as calendar dates but rather will be a countdown from the time when they first log-in into their SingPass account. They would be able to proceed with their transaction after they receive the prompt after logging in. The 30-day countdown would start irrespective of the service used.