SingPass, which stands for Singapore Personal Access, is an authentication system for citizens to access to all Government e-services.
Since 2003, all Singapore residents aged 15 have been able to apply for a SingPass ID/password to transact with the Government via online e-services.
The enhanced SingPass system was launched in July 2015 which includes an improved user interface, mobile-friendly features and stronger security capabilities, such as Two-Factor Authentication (2FA) for e-government transactions, particularly for those involving sensitive data. This one-time “second factor” password is delivered through Short Messaging Service (SMS) or an “OneKey” token.
Ever-improving Security Measures
The SingPass authentication system strives to provide users with a high level of confidence by allowing an alphanumeric password that can be as long as 24 characters, to enable end-to-end encryption of user IDs and passwords, thereby promising a high level of availability and resiliency. SingPass also enhances internal Government efficiency by eliminating the need for each agency to develop and administer its own authentication system.
Examples of improved measures taken over the years to better protect users’ personal information include:
- Users will be prompted to change passwords to stronger ones every two years.
- Passwords of accounts that are inactive for more than three years will be reset to ensure that users with dormant accounts are not unnecessarily exposed to cyber threats.
- After three failed login attempts, users will be asked to key in a randomly-generated security code to mitigate brute force attacks on login.
- Any change made to the account holder’s key personal information will trigger a notification letter, which will be sent to the user’s registered address to verify this change.