An enhanced SingPass was rolled out on Sunday (July 5) with stronger security capabilities, an improved user interface and mobile-friendly features.
Users will have to sign up for the new SingPass to enjoy the new features. Here are key features of SingPass and how to sign up:
What is SingPass?
SingPass is a password that secures Singapore residents' access to more than 200 e-government services.
These include checking Central Provident Fund (CPF) account balances, filing taxes and applying for public housing.
It is used by more than 60 government agencies.
There are over 3 million SingPass users in Singapore and about 60 million transactions are performed every year with SingPass.
Why the enhancement?
The SingPass system, which is managed by the Infocomm Development Authority of Singapore, is reviewed regularly. Security enhancements are constantly added to ensure that users' personal data are better protected.
The rise of cyber threats in Singapore and globally means that security for SingPass must be upgraded to keep up with such threats.
The system drew attention in June 2014 when it was discovered that 1,506 accounts had potentially been compromised when they were accessed without their users' permission.
What you need to do
Go to www.singpass.gov.sg and log in with your existing username and SingPass.
First, you will need to update your SingPass account. You will then have to provide and verify contact details, and set up a minimum of two security questions.
Once you have done so, you can set up two-step verification.
Users can either register for SMS notifications or a OneKey token.
Those who opt for a token will receive it, and a separate pin mailer password, within five working days.
Once they have received them, users will have to link the token to their SingPass account by logging in and registering the token with their account.
Users with an existing OneKey token can immediately link it to their account once the enhanced SingPass is launched.
What if I don't upgrade my SingPass?
There will be a one-year transition period for users to set up their 2-step verification.
From now until July 5, 2016, all users can still access government e-services involving sensitive data even if they do not upgrade to the new SingPass.
But after July 5, 2016, users who have not set up their 2-step verification will not be able to access government e-services that involve sensitive information.
This means that users who want to access services like checking CPF account balances must have the enhanced SingPass from July 2016 onwards.
What can you expect from the enhanced SingPass?
Greater security:
The enhanced SingPass will feature two-step verification for more than 100 services that involve sensitive information.
Under this system, users will log in with their username and SingPass as normal. When they perform sensitive transactions, they will also have to input a one-time password which will be sent to their mobile phones, or generated through a token.
This added layer of security means that hackers will need to have access to a user's phone or token on top of their username and SingPass in order to access their account.
Users will also receive SMS or e-mail notifications when anything is changed in their accounts or profiles, such as password resets.
Greater ease of use:
The SingPass website will feature a simpler interface and design. It will also have clear instructions and tool-tips. Security codes will also be clearer.
There will also be how-to videos to provide users with an overview of enhancements and step-by-step guides for various transactions.
The SingPass mobile website will also be optimised. The screen display will be resized to fit a mobile browser, and key information and tasks will be prioritised for the user.
Greater convenience:
Users who have forgotten their SingPass password can reset it online almost immediately via their mobile phones, instead of visiting a SingPass counter or submitting an online request to have the new password mailed to their registered address.
They will also be able to view their account history and any changes made to it, such as password resets or e-service authentications.
