27 November 2014 - The SingPass system is reviewed regularly and security enhancements are on-going measures to deliver a secure SingPass service and help users better protect their SingPass accounts and personal information.
Singapore, 27 Nov 2014 | For Immediate Release
The SingPass system is reviewed regularly and security enhancements are on-going measures to deliver a secure SingPass service and help users better protect their SingPass accounts and personal information.
Launched in March 2003, SingPass is a gateway to more than 350 e-services and has seen the following enhancements:
- Prompts to change passwords to stronger ones every two years.
- After any failed login attempt, users will be asked to key in a randomly-generated security code.
- Any changes made to the account holder’s key personal information will trigger a notification letter to be sent to the user to verify this change.
- Resetting of passwords
Resetting of passwords, one of the most common protective measures in place, is done when unusual activities are detected on the SingPass accounts or they have been inactive for three years. This is a common industry practice and does not mean that the accounts have been misused or compromised.
Notification letters are currently being sent out to inform users of inactive accounts about the resetting of their passwords and how they can proceed to request for new passwords. These users are given a 14-day grace period to change their passwords before their accounts are deactivated.
“We continue to strengthen the SingPass system to protect users and enable them to transact safely online when using SingPass. We monitor all SingPass accounts regularly and deactivate dormant accounts to ensure that citizens who are not using their accounts are not unnecessarily exposed. Similarly when accounts are found to have unusual activities, we will also reset the passwords immediately. These are common precautionary measures adopted by industry to protect online users," said Mr Chan Cheow Hoe, Assistant Chief Executive GCIO, of the Infocomm Development Authority of Singapore.
Given our continued efforts to improve the SingPass system, the Government will be implementing Two Factor Authentication (2FA) for e-government transactions, particularly for those involving sensitive data. This could be a one-time “second factor” password delivered through a token (hardware or software) or via Short Messaging Service (SMS).
Users are also urged to take the necessary precautionary measures to strengthen their passwords. The public can visit the Go Safe Online website at www.gosafeonline.sg to learn more about how to protect themselves against cyber threats or seek assistance.
ISSUED BY THE INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE
About Infocomm Development Authority of Singapore
The mission of the Infocomm Development Authority of Singapore (IDA) is to develop information technology and telecommunications within Singapore with a view to serve citizens of all ages and companies of all sizes. IDA does this by actively supporting the growth of innovative technology companies and start-ups in Singapore, working with leading global IT companies as well as developing excellent information technology and telecommunications infrastructure, policies and capabilities for Singapore. For more news and information, visit www.ida.gov.sg.
For media clarifications, please contact: