SMS system for passwords: IDA replies

We thank Mr Chong Kek Shin for his feedback ("Tweak SMS system for passwords"; last Thursday).

We note his feedback on the time allowed to access the one-time-password (OTP) that is sent through SMS.

Currently, SMS-OTP is widely used by banks as a two-factor authentication (2FA), also known as two-step verification.

To minimise security risks, SMS-OTPs are only valid for a short period of time, usually between one and three minutes.

Based on our measurement of SMS performance last year, the percentage of SMSes delivered within 15 seconds is between 97.8 per cent and 99.6 per cent.

The delivery duration of SMSes depends on various parameters, such as network traffic and phone reception.

We are sorry to hear that Mr Chong did not experience a smooth process when he tried to access the SMS-OTP a few months ago.

If Mr Chong could provide the details to us, we will try and find out why.

Given today's evolving cyber landscape, the Infocomm Development Authority (IDA) is constantly exploring new technology for future upgrading to help our citizens transact safely and conveniently online.

Lim Keng Soon

Deputy Director

Government Communications

Infocomm Development Authority of Singapore

A version of this article appeared in the print edition of The Straits Times on February 08, 2016, with the headline 'SMS system for passwords: IDA replies'. Print Edition | Subscribe