Signing up for safer SingPass simplified; more streamlining expected

Previously, that step involved going to two websites to update one's particulars and to select SMS or a calculator-like token as the medium for receiving the OTP.
Previously, that step involved going to two websites to update one's particulars and to select SMS or a calculator-like token as the medium for receiving the OTP.PHOTO: ST FILE

Two steps needed to register instead of three previously; more streamlining expected

Signing up for SingPass' new two-factor authentication (2FA) for safer e-government transactions is now easier.

A simpler process was rolled out on Sunday requiring Singapore residents to complete signing up in two steps instead of three previously.

2FA involves the use of a one-time password (OTP), randomly generated and delivered via SMS or a token that looks like a mini-calculator. The OTP must be entered in addition to the usual SingPass - a password set up since 2003 - and NRIC number for accessing e-government services.

 

The 2FA feature was rolled out in July to counter security breaches. But confusion dogged user sign-ups until recently.

As a result, sign-ups were low, in the five-digit range, as reported by The Straits Times on Sept 23. A week later, the Infocomm Development Authority (IDA) announced it would simplify the process.

When contacted yesterday, an IDA spokesman said: "Based on public feedback received, we have streamlined the SingPass 2FA registration process."


ST ILLUSTRATION: ADAM LEE

All 3.3 million SingPass users must meet the sign-up deadline of end-June 2016, or risk not being able to transact with the Central Provident Fund Board, Inland Revenue Authority of Singapore and Ministry of Manpower.

Some SingPass users were pleasantly surprised by the change. Marketing manager Aaron Koh, 39, said: "The first step is so much faster now, involving fewer clicks."

 

Previously, that step involved going to two websites to update one's particulars and to select SMS or a calculator-like token as the medium for receiving the OTP.

The former was done on the SingPass website, administered by IDA, and the latter, on the website of Assurity Trusted Solutions, the IDA subsidiary that supplies the OTP solution.

Now, everything is consolidated on SingPass' website. Users are asked to agree to let Assurity retrieve their personal details from SingPass. Sharing of information requires verification, which means users need to wait up to seven days - from five days before - to receive a PIN by snail mail.

The second step involves entering the PIN and NRIC number on Assurity's website to activate the OTP feature. Users also need to create a new National Authentication Framework (NAF) username and password - in case a token is lost and needs to be suspended, or a mobile number needs updating.

This completes the registration. Previously, users had to take yet another step: Visit SingPass' website to manually link their NAF account to their SingPass account.

The Straits Times understands that more streamlining can be expected in the next two months.

A version of this article appeared in the print edition of The Straits Times on December 22, 2015, with the headline 'Signing up for safer SingPass simplified'. Print Edition | Subscribe