Five ways to keep your Singpass safe

18 AUG 2022

Did you know that Singpass is almost 20 years old? Launched in 2003 (the same year Cristiano Ronaldo made his first Manchester United debut), Singpass has come a long way from being a login to transact with the government to become an all-encompassing digital identity with its own feature-packed mobile application. Its security has also been constantly enhanced, such as when Two-Factor Authentication (2FA) was introduced in 2015.

With more transactions conducted online and scams continuously evolving, user vigilance is as crucial as the technical and operational safeguards put in place. Read on to learn more about these five security tips and how you can play an active role in keeping your Singpass secure.

1. Don't share your Singpass details with others

Do you know that Singpass can be used to access thousands of government and private sector services, and it contains a lot of your personal information?

Just as you would not hand over your physical identity card to just about anyone, you should not disclose your Singpass ID, password and 2FA details to others.

You should also register only your own biometric information on your mobile device. Don’t allow strangers to use your device and potentially gain access to your Singpass app!

2. Don’t click on hyperlinks or scan QR codes sent over SMS or WhatsApp by “Singpass”

Don’t click on hyperlinks or scan QR codes sent over SMS or WhatsApp by “Singpass”

Singpass does not send hyperlinks or QR codes over SMS or social messaging apps such as WhatsApp. So never click on the hyperlinks or scan the QR codes if you receive such a message.

As an added layer of security, the Singpass app is programmed to recognise only legitimate Singpass QR codes and displays an error message if an invalid QR code is scanned.

If you see such an error message, your guard should go up, and don’t attempt to scan the QR code using another QR code reader. The fraudsters may very well be relying on you to do so after being rejected by the Singpass app.

3. Check the Singpass URL domain carefully

Check the Singpass URL domain carefully

Think that you must be on the Singpass login page because it looks real and bears the Singpass logo? Think again! Scammers are constantly updating their methodologies, and phishing websites can look very similar to real websites.

That’s why you should always check the URL domain on the Singpass website before you proceed. This will help to protect you from phishing websites that trick you into disclosing your login details.

4. Don’t ignore the alert about an unusual login

Singpass will send you an alert when a login is performed on a device or Internet browser that you don’t usually use. This is part of the real-time fraud analytics deployed to identify suspicious behaviour.

Don’t ignore the notification! If you did not perform the login, report the incident immediately to the Singpass Helpdesk at 6335 3533 (operates from 8am to 10pm on Mondays to Fridays, and from 8am to 6pm on Saturdays, Sundays and public holidays) or support@singpass.gov.sg (responds in 3 working days) to secure your account.

Also, remember to update your contact details registered with Singpass so that you can receive these transactional and security alerts promptly.

5. Only one active Singpass app at a time

Only one active Singpass app at a time

The Singpass app can only be installed on one mobile device at a time, ensuring there is only one copy of your credentials.

This will come in handy should you misplace your mobile device or suspect that your account has been compromised.

Simply install and activate the app on another device, and the app on the lost device will be automatically deactivated. Alternatively, you can deactivate the Singpass app via the Singpass portal.

User vigilance is crucial in the fight against scams

If in doubt, pause before doing anything. Take a moment to verify the authenticity of the website or follow up on a security alert, and you can save yourself a lot of time and grief.

If you see others who may be engaging in unsafe digital practices, remind them that we can all do our part to protect our digital identity and data. The more people we can help spread the word to, the more we can keep safe from scammers.

Together, we can keep scammers at bay!