Singapore strengthens SingPass security
By Digital News Asia December 2, 2014
- 64 agencies use SingPass to authenticate users of more than 350 e-govt services
- Enhancements include prompts to sue stronger passwords, 2FA to be introduced
THE Singapore Government said it has enhanced security around SingPass, the single sign-on for users to access e-government services at www.ecitizen.gov.sg and various government websites.
SingPass, rolled out in 2003, serves as a single-factor authentication method so that users only need to remember one password when transacting with the Government.
Currently, about 64 government agencies use SingPass as a form of authentication for citizens and residents to access more than 350 e-government services that require secure user identification, the Infocomm Development Authority of Singapore (IDA) said in a statement.
READ ALSO: Malaysian PM’s Office outdoes Singaporean counterparts … in website speed at least
The SingPass system is reviewed regularly and security enhancements are on-going measures to deliver a secure SingPass service and help users better protect their SingPass accounts and personal information, it added.
The new enhancements include:
- Prompts to change passwords to stronger ones every two years.
- After any failed login attempt, users will be asked to key in a randomly-generated security code.
- Any changes made to the account holder’s key personal information will trigger a notification letter to be sent to the user to verify this change.
- Resetting of passwords
Resetting of passwords, one of the most common protective measures in place, is done when unusual activities are detected on the SingPass accounts or they have been inactive for three years, the IDA said.
This is a common industry practice and does not mean that the accounts have been misused or compromised, it added.
Notification letters are currently being sent out to inform users of inactive accounts about the resetting of their passwords and how they can proceed to request for new passwords. These users are given a 14-day grace period to change their passwords before their accounts are deactivated.
“We continue to strengthen the SingPass system to protect users and enable them to transact safely online when using SingPass,” said Chan Cheow Hoe, IDA assistant chief executive and group chief information officer.
“We monitor all SingPass accounts regularly and deactivate dormant accounts to ensure that citizens who are not using their accounts are not unnecessarily exposed.
“Similarly when accounts are found to have unusual activities, we will also reset the passwords immediately. These are common precautionary measures adopted by industry to protect online users,” he added.
The Government said it will also be implementing Two-Factor Authentication (2FA) for e-government transactions, particularly for those involving sensitive data. This could be a one-time ‘second factor’ password delivered through a token (hardware or software) or via Short Messaging Service (SMS).
Users are also urged to take the necessary precautionary measures to strengthen their passwords.
The public can visit the Go Safe Online website at www.gosafeonline.sg to learn more about how to protect themselves against cyber threats or seek assistance.
IDA unit sets up 2FA development and test platform at Nanyang Polytechnic
CrimsonLogic on e-govt nuances and future trends
1Malaysia e-mail to go on, says Pemandu, Tricubes
For more technology news and the latest updates, follow @dnewsasia on Twitter or Like us on Facebook.