Different ways to set up SingPass' security feature

The OneKey two-factor authentication (2FA) device generates a one-time password for users.
PHOTO: Assurity

If you have yet to sign up for SingPass' new two-factor authentication (2FA), fret not.

The original July 4 deadline has been extended, the Infocomm Development Authority (IDA), which administers SingPass, announced on Monday.

Users have one month - which will kick in once they log in for the first time from July 5 - to register and activate the 2FA. This means the one-month deadline is different for different users.

The 2FA feature, launched last July, uses a randomly generated one-time password (OTP) delivered via SMS or a OneKey token that looks like a mini-calculator. The OTP must be entered together with the usual SingPass requirements of a password and NRIC number for accessing e-government services.

For those who encounter problems signing up, here are the answers to some commonly asked questions.

Q I didn't get the PIN mailer. What should I do?

A The most common feedback on The Straits Times Facebook page is about the missing PIN mailer. Some people have reportedly asked for it multiple times.

The PIN must be entered together with one's NRIC number on the website of IDA's subsidiary, Assurity Trusted Solutions, which supplies the 2FA system.

Those with Singapore mobile numbers registered on the SingPass website can also activate their 2FA via SMS.

To receive the mailer, users must first update their mobile numbers and address on SingPass' website before requesting it. The missing PIN mailer might have shown up at your old address if you had moved recently.

Even so, fret not. Users can still ask for a new PIN mailer. Simply send an SMS to 78111 from the registered mobile number with this message: Resend pin mailer(space)NRIC(space)Postal Code. The mailer will take up to seven days to arrive.

If you are still unsure, you can make inquiries at helpdesk @assurity.sg.

Q Is it compulsory to sign up?

A No. It depends on whether you need e-government services. Registering for 2FA is only for people who need to regularly transact on government websites, including filing their income tax returns and paying carpark fines.

The Central Provident Fund Board, Inland Revenue Authority of Singapore, Ministry of Manpower and Accounting and Corporate Regulatory Authority are among the government agencies that require 2FA for sensitive transactions. Even so, many physical counters have been set up islandwide - including at community centres - to help members of the public with their SingPass queries and 2FA registration problems.

Go to our online story athttp://str.sg/4igA for the list of 2FA counter locations. They are closed on public holidays.

Q I wasn't given the option of SMS for receiving the OTP. Why is that?

A The sign-up process involves users updating their particulars on the SingPass website and then selecting either SMS or token as the medium for receiving the OTP.

Your mobile number must be registered on the SingPass website before the SMS option is given. A mobile number can be tied to only one individual. No sharing of mobile numbers is allowed.

Existing OneKey users may need to update their mobile numbers at www.onekey.sg too, using their SingPass credentials.

Q Can existing OneKey users opt for SMS as the medium for receiving the SingPass OTP?

A OneKey is already being used by 600,000 online investors and members of the National Trades Union Congress. Existing users of OneKey can use the same token to access e-government services as part of the enhanced SingPass. They may also opt for SMS to receive their OTP by updating their mobile numbers at www.onekey.sg too, using their SingPass credentials.

This article was first published on July 9, 2016. Get a copy of The Straits Times or go to straitstimes.com for more stories.