SINGAPORE - On Thursday, the Infocomm Development Authority of Singapore (IDA) announced that it is adding new security features to protect SingPass users. This includes two-factor authentication for sensitive transactions.
What is two-factor authentication?
Also known as 2FA, it is a security process where a user provides two means of identification to log in to an account. Having just a password alone to guard an account is a single factor of authentication.
Adding on a second factor of authentication adds another layer of security on the account. Authentication typically falls into three categories: knowledge, possession, and biometrics. Knowledge refers to something only the user knows, such as a password; possession is something only the user has, such as a mobile phone, and inherence is something only the user is, such as a person's thumbprint. 2FA will therefore require the user to provide at least two authentication means out of these three categories.
2FA is not all that new. In fact, you may have been doing it for years without realising so.
Making transactions at the ATM, for instance, requires a two-step verification. The user will first need to have the ATM card (possession), and next, the pin number (knowledge).
Almost all Internet bank transactions require a user to have the pin number to the bank account, and a physical token or a mobile phone which generates a one-time password. For added security reasons, one-time passwords are only valid for a short period of a few minutes. After that, a user will have to request for a new one.
Most social networking sites and e-mail accounts now encourage users to link their accounts to their mobile phone numbers, which prompts a user for 2FA when the user signs in from a new device.
Sources: Monetary Authority of Singapore, Great Eastern, Maybank, Standard Chartered Bank