SINGAPORE - Those accessing government e-services that involve sensitive data and transactions may soon have to enter a one-time password sent via SMS or security tokens.
More details will be announced later this year, Minister for Communications and Information Yaacob Ibrahim said in Parliament yesterday, in response to questions on the recent SingPass breaches.
Some 1,560 SingPass accounts were compromised last month.
Two-factor authentication, which could include a one-time password and is now being mooted for SingPass, is already standard protection for e-banking here, and is one of the measures proposed to improve security.
"We are also exploring mandating more frequent password changes for SingPass accounts...We seek the public's understanding and patience for this," said Dr Yaacob.
In addition, the Infocomm Development Authority will implement a new SingPass system by the third quarter of next year.
The new system will require stronger passwords, and users may set their own usernames instead of using their NRIC numbers.
SingPass secures access to more than 300 e-government services.
"These additional authentication steps will allow for greater peace of mind when performing sensitive online transactions," noted Dr Yaacob.
He also confirmed that last month's SingPass breaches were not due to any system vulnerability, following a "further round of review of the different layers of protection at the network and the application level".