Enhancing SingPass to Better Serve and Protect Users

27 NOV 2014

The SingPass system is reviewed regularly, and security enhancements are ongoing measures to deliver a secure SingPass service and help users better protect their SingPass accounts and personal information.

Launched in March 2003, SingPass is a gateway to more than 350 e-services and has seen the following enhancements:

  • Prompts to change passwords to stronger ones every two years.

  • After any failed login attempt, users will be asked to key in a randomly generated security code.

  • Any changes made to the account holder's key personal information will trigger a notification letter to be sent to the user to verify this change.

  • Resetting of passwords

Resetting passwords, one of the most common protective measures in place, is done when unusual activities are detected on the SingPass accounts or if they have been inactive for three years. This is a common industry practice and does not mean that the accounts have been misused or compromised.

Notification letters are currently being sent out to inform users of inactive accounts about the resetting of their passwords and how they can proceed to request for new passwords. These users are given a 14-day grace period to change their passwords before their accounts are deactivated.

"We continue to strengthen the SingPass system to protect users and enable them to transact safely online when using SingPass. We monitor all SingPass accounts regularly and deactivate dormant accounts to ensure that citizens who are not using their accounts are not unnecessarily exposed. Similarly, when accounts are found to have unusual activities, we will reset the passwords immediately. These are common precautionary measures adopted by industry to protect online users," said Mr Chan Cheow Hoe, Assistant Chief Executive GCIO, of the Infocomm Development Authority of Singapore.

Given our continued efforts to improve the SingPass system, the Government will be implementing Two Factor Authentication (2FA) for e-government transactions, particularly for those involving sensitive data. This could be a one-time "second-factor" password delivered through a token (hardware or software) or via a Short Messaging Service (SMS).

Users are also urged to take the necessary precautionary measures to strengthen their passwords. The public can visit the Go Safe Online website at www.gosafeonline.sg to learn more about how to protect themselves against cyber threats or seek assistance.

ISSUED BY THE INFOCOMM DEVELOPMENT AUTHORITY OF SINGAPORE

About Infocomm Development Authority of Singapore

The mission of the Infocomm Development Authority of Singapore (IDA) is to develop information technology and telecommunications within Singapore to serve citizens of all ages and companies of all sizes. IDA does this by actively supporting the growth of innovative technology companies and start-ups in Singapore, working with leading global IT companies, and developing excellent information technology and telecommunications infrastructure, policies, and capabilities for Singapore.

For media clarification

Malini Nathan (Ms) 
Senior Manager 
Corporate and Marketing Communications Division, IDA 
DID: (65) 6211 0660 
Email: malini_nathan@ida.gov.sg 

Jacklyn Chew (Ms) 
Assistant Manager 
Corporate and Marketing Communications Division, IDA 
DID: (65) 6211 0708 
Email: jacklyn_chew@ida.gov.sg