Security boost for SingPass users soon

Security boost for SingPass users soon

From next month, SingPass users checking their Central Provident Fund (CPF) and Inland Revenue Authority of Singapore (Iras) accounts will have the option of using a one-time password (OTP) to better secure their e-government transactions.

The passwords - which are generated randomly on the "OneKey" calculator-like token or delivered by SMS - are part of a system upgrade which took place after more than 1,500 SingPass accounts were breached a year ago.

SingPass grants Singapore residents access to 340 e-government services.

Three of the accounts breached were used to make fraudulent applications for work passes.

It is hoped that the OTP will make accounts harder to hack into. The OTP is entered in addition to the usual SingPass and username, their NRIC number. The added layer of security is known as two-factor authentication.

SingPass maintenance messages have been put up on the SingPass, CPF and Iras websites, alerting users that the online services on these sites will not be available from 10pm tomorrow to 10am on Sunday.

All e-government services will also be unavailable from 10pm on July 4 to 10am on July 5 due to a final round of SingPass maintenance, after which the enhanced SingPass will be launched.

The Infocomm Development Authority (IDA) has confirmed that the CPF Board and Iras will be among a number of government agencies to start using the enhanced SingPass after its launch next month.

It is not known if the Manpower Ministry, which was affected by the breach last year, is included in the initial list of government agencies. No further details were given.

An IDA spokesman said: "In preparation for the launch, we will be conducting system testing, which may result in users experiencing some intermittent access issues or not (being) able to use the service."

Earlier in the year, a government bulk tender was awarded to IDA subsidiary Assurity Trusted Solutions to supply the OTP devices to all Singapore citizens and permanent residents.

Dubbed OneKey, they are already being used by 600,000 online investors and members of the National Trades Union Congress, the national umbrella body for trade unions.

Existing users of OneKey can use the same token for accessing e-government services as part of the enhanced SingPass.

Users can also opt to receive the OTP via SMS, depending on whether the transaction is highly sensitive.

Said IT consultant Nigel Tan, 28: "I would choose SMS over tokens for generating the OTPs for now, unless the banks which have issued their own tokens switch to OneKey."

itham@sph.com.sg


Get MyPaper for more stories.

This website is best viewed using the latest versions of web browsers.