SingPass users and security experts want more levels of protection, following yesterday's news that more than 1,500 accounts could have been accessed illegally.
Many SingPass users said they were concerned at the scale of the tampering, given that the password system allows citizens access to some 340 e-government services, and thus, a trove of personal information.
Several have asked why the Infocomm Development Authority (IDA) did not incorporate secondary levels of authentication for services that require SingPass logins, to make it tougher for non-authorised access.
"We rely on technology heavily these days, and the ability to access government services is very vital, not less than that of access to our banking accounts," said transport planner Alan Neo, 29, who uses SingPass to manage his national service (NS) account.
"No system is impregnable, but bringing extra security measures like secondary authentication to the SingPass system would be welcomed."
Advertising executive Benjamin Yue, a 26-year-old who uses his SingPass primarily to manage his taxes, said users "entrust the Government to have safe levels of security to effectively monitor these sticky situations". "I would be very worried if someone else accessed my account... it's a breach of privacy," he said.
Security experts like Mr Ng Kai Koon, director of government affairs (Asia-Pacific and Japan) at Symantec Corp, suggested the IDA add a process called two-factor authentication (2FA) - a standard protection for e-banking here - to more SingPass platforms with confidential data.
These could include access to Central Provident Fund (CPF) and NS accounts, he said.
"2FA is a good solution in ensuring a more secure system," said Mr Ng. "Even if the Government had restrictions in resources and time, we need to step back and think about the critical systems that need to be protected."
In the meantime, all users should take steps to strengthen their SingPass passwords and adopt "good cyber hygiene" - keying in passwords only on secure devices and networks and logging out from accounts, he added.
"SingPass is a critical system for Singaporeans and is used for quite a number of daily transactions, so certainly this is a good wake-up call to the users as well to take better care of their accounts," said Mr Ng.
Legal counsel Gabriel Gn will be changing his password to one that is harder to crack, "just in case". "I am very worried my account might have been hacked, as the fact that SingPass is so useful is also what makes it so dangerous," said the 28-year-old, who uses SingPass to check on his CPF monies and NS account.
He added that generally, Singaporeans have not been very exposed to Internet fraud: "We have been quite blessed in that sense."
This article was first published on June 04, 2014.
Get a copy of The Straits Times or go to straitstimes.com for more stories.