We thank Ms Tan Que Na for her feedback on her SingPass account ("Early signs of potential security problem"; last Tuesday).
Our investigations showed that Ms Tan's prompt action to reset her password ensured that no one else was able to access her account. The Captcha feature, which prevents automated scripts from guessing the password of SingPass users, also helped to secure her account from brute-force attempts.
However, we recognise that more can be done to improve the system.
We are reviewing the SingPass system to enhance its security, and improve its usability and our responsiveness to user's feedback.
We are considering additional measures such as the use of two-factor authentication (2FA), particularly for e-government transactions involving sensitive data, and to allow other options for user names besides NRIC numbers.
We would also like to take this opportunity to advise all SingPass users to adopt essential security measures when going online, such as installing updated anti-virus solutions on their computers and not opening suspicious e-mail attachments or installing software from unknown sources.
For more tips on protecting yourself online, visit www.gosafeoneline.sg
Ng Sook Fun (Ms)
Corporate and Marketing Communication
Infocomm Development Authority of Singapore
This article was first published on June 16, 2014.
Get a copy of The Straits Times or go to straitstimes.com for more stories.