IDA makes SingPass 2FA sign-up easier

Signing up for SingPass' new two-factor authentication (2FA) feature to secure e-government transactions better is now easier.

A streamlined registration process was rolled out on Sunday requiring Singapore residents to complete their sign-up in just two steps instead of three previously.

2FA involves the use of a one-time password (OTP), randomly generated and delivered via SMS or a token that looks like a mini-calculator. The OTP must be entered in addition to the usual SingPass - a password set up since 2003 - and NRIC number for accessing some 200 e-government services.

The 2FA feature was rolled out in July to counter security breaches. But confusion dogged user sign-ups until recently.

As a result, sign-ups were low, in the five-digit range, as reported by The Straits Times on Sept 23. A week later, the Infocomm Development Authority (IDA) announced it would simplify the process.

When contacted yesterday, an IDA spokesman said: "Based on public feedback received, we have streamlined the SingPass 2FA registration process."

All 3.3 million SingPass users must meet the sign-up deadline of end-June next year, or risk not being able to transact with the Central Provident Fund Board, Inland Revenue Authority of Singapore and Ministry of Manpower.

Some SingPass users were pleasantly surprised by the change. Marketing manager Aaron Koh, 39, said: "The first step is so much faster now, involving fewer clicks."

Previously, that step involved going to two websites to update one's particulars and to select SMS or the calculator-like token as the medium for receiving the OTP.

The former was done on the SingPass website, administered by IDA, and the latter, on the website of Assurity Trusted Solutions, the IDA subsidiary that supplies the OTP solution.

Now, everything is consolidated on SingPass' website. Users are asked to agree to let Assurity retrieve their personal details from SingPass. Sharing of information requires verification, which means users need to wait up to seven days - from five days before - to receive a PIN by snail mail.

The second step involves entering the PIN and NRIC number on Assurity's website to activate the OTP feature. Users also need to create a new National Authentication Framework (NAF) username and password - in case a token is lost and needs to be suspended, or a mobile number needs updating.

This completes the registration, where previously, users had to take yet another step: visit SingPass' website to manually link their NAF account to their SingPass account to start using the OTP feature.

The Straits Times understands that more streamlining can be expected in the next two months.

Get MyPaper for more stories.