SingPass 2FA sign-up extended to cater to many who have yet to activate access

Users have one month - which will kick in once they log in for the first time from July 5 - to register and activate for SingPass' new two-factor authentication (2FA).
Users have one month - which will kick in once they log in for the first time from July 5 - to register and activate for SingPass' new two-factor authentication (2FA).PHOTO: ST FILE

SINGAPORE - Singapore residents and overseas Singaporeans need not rush to activate SingPass' new two-factor authentication (2FA) if they have not already done so by Monday (July 4).

The Infocomm Development Authority (IDA), which administers SingPass, has adopted a more graduated approach to the sign-up process for 2FA based on how frequently people use SingPass.

Users have one month - which will kick in once they log in for the first time from July 5 - to register and activate. This means the one-month deadline is different for different users.

Based on the original deadline, all 3.3 million SingPass account holders must have 2FA activated by Monday (July 4). Otherwise, they would not be able to transact with the Central Provident Fund Board, Inland Revenue Authority of Singapore, Ministry of Manpower, and Accounting and Corporate Regulatory Authority.

So far, about half of all SingPass users - or 1.6 million of them - have signed up for 2FA. Those who have 2FA are among the 2 million active SingPass users.

 
 
 

Mr Chan Cheow Hoe, IDA assistant chief executive, said: "While the majority of regular SingPass users are 2FA-ready, we recognise that the remaining 400,000 regular users may need more time to set up their 2FA.

"This one-time grace period helps to minimise disruption and provide flexibility to different users who have not set up their 2FA and need to perform urgent e-transactions."

The 2FA feature was launched last July to counter security breaches. It uses a randomly generated one-time password (OTP) delivered via SMS or a token that looks like a mini-calculator.

The OTP must be entered together with the usual SingPass requirements of a password and NRIC number for accessing e-government services.

The sign-up process involves users updating their particulars on SingPass' website, and then selecting either SMS or token as the medium for receiving the OTP.

But confusion and inertia had dogged sign-ups.

Over the last three months, the Infocomm Development Authority (IDA), which administers SingPass, has been sending letters containing a PIN code to Singapore residents to help them enrol.

The PIN must be entered together with one's NRIC number on the website of IDA's subsidiary Assurity Trusted Solutions, which supplies the 2FA system.

Those with Singapore mobile numbers registered on SingPass' website can also activate their 2FA via SMS.

These are the steps to follow:

* Send an SMS to 78111 with the message:

ACT(space)SMS(space)NRIC(space)PIN in mailer. This will activate SMS as the medium for receiving the OTP.

* To activate the calculator-like token called OneKey issued by Assurity, the message is:

ACT(space)Token(space)NRIC(space)PIN in mailer(space)OTP generated from the token.

* To activate both, the message is:

ACT(space)Both(space)NRIC(space)PIN in mailer(space)OTP generated from the token.

Overseas Singaporeans must have their overseas addresses registered with the Immigration and Checkpoints Authority for them to get their PIN letter and token.

They must then enter the PIN and NRIC number on Assurity's website to activate the 2FA feature. They can only select the token as the OTP cannot be sent to a foreign mobile number.

If unsure, overseas Singaporeans can email osu@assurity.sg for help.