askST: What is two-factor authentication (2FA)?

The Straits Times tech writer Lester Hio explains how two-factor authentication works and how it protects your online transactions.

SINGAPORE - Come Jan 15, two-factor authentication (2FA) will be made compulsory for all SingPass users.

Currently, more than 100 government e-services such as the Central Provident Fund (CPF) and Inland Revenue Authority of Singapore (Iras) require the mandatory 2FA to perform e-transactions.

So what is 2FA? It is the extra step a user has to take before logging in to an online account or making an online transaction.

It is usually in the form of a random code sent to a mobile device or via a token.

2FA is based on the idea that a second layer of security should come from something physically near the user, so a hacker cannot log in to your accounts with only a username and password.

Anyone who attempts to do so will be stopped by this second layer of security.

However, 2FA is not always foolproof. 

If you opt for SMS one-time passwords and lose your mobile phone, hackers can get access to your accounts and information stored in your device.

Cyber security experts say using a token for 2FA is safer, even if it is more inconvenient.

Just remember to keep the token stored away in a safe place and never reveal the number generated to anyone.

More askST stories here.