IDA rolls out new ways to get people on SingPass two-factor authentication to meet July 4 deadline

From the middle of February, Singapore residents can send an SMS to register for two-factor authentication.
From the middle of February, Singapore residents can send an SMS to register for two-factor authentication.PHOTO: SINGPASS

SINGAPORE - The authorities are rolling out new measures to get the masses on board SingPass' new two-factor authentication (2FA) as the clock ticks towards a July 4 sign-up deadline.

2FA is a process involving the use of a one-time password (OTP), randomly generated and delivered via SMS or a token that looks like a mini-calculator. The OTP must be entered in addition to the usual SingPass - a password set up since 2003 - and NRIC number for accessing e-government services.

Without an OTP, SingPass users will not be able to transact with the Central Provident Fund Board, Inland Revenue Authority of Singapore, Ministry of Manpower and Accounting and Corporate Regulatory Authority from July 5.

From the middle of next month (Feb), Singapore residents can send an SMS to register for 2FA. The exact details will be released closer to the date. Currently, they have to go to SingPass' website to do so.

SingPass users will also be automatically enrolled for 2FA from next month, to ensure that no one gets left behind. They will receive a PIN mailer in batches through April. But they will still need to activate their 2FA on Assurity's website or via SMS by July 4.

SMS activation is also a new feature, but it is available today (Jan 29).

"We are consistently improving our e-services to ensure that they are as user-friendly as possible without compromising security," said Ms Jacqueline Poh, managing director of the Infocomm Development Authority (IDA), which administers SingPass.

Users send an SMS to 78111 with the message: ACT(space)SMS(space)NRIC(space)Password in PIN mailer. This will activate SMS as the medium for receiving the OTP.

To activate a calculator-like token as the medium for receiving the OTP, the message should be: ACT(space)Token(space)NRIC(space)Password in PIN mailer(space)OTP generated from the token.

To activate both, the message is: ACT(space)Both(space)NRIC(space)Password in PIN mailer(space)OTP generated from the token.

The 2FA feature was rolled out in July to counter security breaches. But confusion dogged user sign-ups until recently.

  • How to activate 2FA via SMS

  • Send an SMS to 78111 with the message: ACT(space)SMS(space)NRIC(space)PIN in mailer. This will activate SMS as the medium for receiving the OTP.

  • To activate the calculator-like token called OneKey issued by IDA’s subsidiary Assurity Trusted Solutions, the message is: ACT(space)Token(space)NRIC(space)PIN in mailer(space)OTP generated from the token.

  • To activate both, the message is: ACT(space)Both(space)NRIC(space)PIN in mailer(space)OTP generated from the token.

IDA declined to reveal how many of the 3.3 million SingPass users have signed up for 2FA. But The Straits Times reported in September last year that sign-ups were low, in the five-digit range.

In December last year, IDA simplified the steps, requiring Singapore residents to complete signing up in two steps instead of three previously.

In the first step, users need to go to only SingPass' website - rather than two websites - to update one's particulars and to select SMS or a calculator-like token as the medium for receiving the OTP.

Previously, users had to go to the website of Assurity Trusted Solutions, the IDA subsidiary that supplies the OTP solution, to select the medium for receiving the OTP.

Then they wait up to seven days to receive a PIN by snail mail.

The second step involves entering the PIN and NRIC number on Assurity's website to activate the OTP feature. 

This completes the registration. Previously, users had to take yet another step: Visit SingPass' website to manually link their NAF account to their SingPass account.