Easier to register for SingPass 2FA SMS one-time password option

We thank Ms Maria Loh Mun Foong for her feedback ("Register early for SingPass 2FA for lead time to resolve issues"; Forum Online, March 27).

Assurity, the appointed partner for SingPass two-factor authentication (2FA), is also a vendor to other organisations that provide their customers with a OneKey token to be used to authenticate online services.

In April last year, the Singapore Exchange (SGX) auto-registered Ms Loh for a OneKey token for her online transactions with SGX.

This token was activated then.

Ms Loh could use the same token as the SingPass 2FA once the token was linked with her SingPass account.

However, we understand that Ms Loh's preferred mode of SingPass 2FA was an SMS one-time password (OTP).

In March this year, Ms Loh's OneKey token was found to be faulty, which resulted in Ms Loh being unable to log in to her National Authentication Framework account to update her mobile number.

She then made a report to Assurity. The Assurity help desk followed up with Ms Loh, and assisted to update her mobile number after conducting the necessary security verifications.

Consequently, Ms Loh was able to activate the SMS-OTP option upon her SMS-OTP verification.

We recognise that some users may have experienced a more complex process to register for the SingPass SMS-OTP option if they were previously auto-registered for OneKey token as part of their transactions with other organisations.

The team has since enhanced the system to make it easier for users who have not activated their OneKey token to register for the SingPass 2FA SMS-OTP option directly at the SingPass website.

We agree with Ms Loh and also urge users to set up their 2FA early, before the compulsory deadline for SingPass 2FA, to perform sensitive government e-transactions from July 5 onwards.

Charles Fan

Chief Executive Officer

Assurity Trusted Solutions