IDA reviewing the use of IC number as username for SingPass system

The current SingPass system in which people use their identity numbers as their usernames for logging into some 340 Government e-services is under review. -- PHOTO: LIM YAOHUI FOR THE STRAITS TIMES
The current SingPass system in which people use their identity numbers as their usernames for logging into some 340 Government e-services is under review. -- PHOTO: LIM YAOHUI FOR THE STRAITS TIMES

SINGAPORE - The current SingPass system in which people use their identity numbers as their usernames for logging into some 340 Government e-services is under review.

In a statement sent late Thursday night, the Infocomm Development Authority said it would be "refining" the SingPass system by the third quarter of next year.

"As part of this continued effort to improve the system, we are also exploring further measures such as allowing users to set their own usernames in the new system instead of their NRIC numbers," said the IDA.

The regulator said it is also "exploring" the use of two factor authentication (2FA) for e-government transactions, particularly for those involving sensitive data but did not elaborate further.

The IDA revealed on Wednesday that some 400 SingPass accounts had had their confidential passwords reset without authorisation. In all, more than 1,500 SingPass accounts could have been tampered with, potentially threatening the security of citizens' data like Central Provident Fund accounts and income tax records.

While investigations are ongoing, the IDA insisted that the SingPass system "was not compromised" and the vast majority of users were not affected.

SingPass is a password that was set up for every citizen in 2003 to access the 340-plus e-government services. SingPass transactions have soared more than 10 times since its launch, from 4.5 million in 2003 to 46.3 million in 2011. Last year, 57 million transactions were made using SingPass. Now, there are more than 3.3 million SingPass users.