IDA: Over 400,000 inactive SingPass accounts will be reset as new security measure

The Infocomm Development Authority of Singapore (IDA) announced on Thursday that new security features will be reaching SingPass in 2015. -- PHOTO: ST FILE
The Infocomm Development Authority of Singapore (IDA) announced on Thursday that new security features will be reaching SingPass in 2015. -- PHOTO: ST FILE

SINGAPORE - Do not panic if you wake up one morning to find that you can no longer access your SingPass account.

The Infocomm Development Authority of Singapore (IDA) announced on Thursday that it is adding new security features to better protect SingPass users against potential hacks and security breaches.

SingPass accounts which have been inactive for more than three years will now have their passwords automatically reset. The IDA said there are currently over 400,000 of such inactive accounts out of a total 3.3 million SingPass accounts.

IDA said it has started sending notification letters to these dormant account holders to ask them to change their passwords. If nothing is done after 14 days, then these accounts will be automatically reset. The infocomm industry regulator added that it will also reset accounts if it detects unusual activities in the accounts.

"We continue to strengthen the SingPass system to protect users and enable them to transact safely online when using SingPass," said Mr Chan Cheow Hoe, Assistant Chief Executive GCIO, of IDA at a press conference on Thursday.

Accounts that are resetted can be easily restored by users making an online request to get another new password or by visiting SingPass centres.

These new measures are put in place as IDA is transitioning SingPass to a new enhanced system which is due to be rolled out in the third quarter of 2015. Among other new security features is the implementation of a two-factor authentication system for sensitive transactions. There will also be transaction notifications sent to users after they make use of government services.

These new features are on top of existing measures like prompts to change passwords every two years or to key in a randomly-generated security code after a failed login attempt.

In June this year, over 1,500 SingPass accounts were resetted after investigations showed that they may have been illegally accessed.