There may be many people facing problems when they try to activate their two-factor authentication (2FA) on their SingPass accounts.
When I logged in to my SingPass account at www.singpass.gov.sg, I found that I was given only the option of activating via my OneKey token, with no option to activate via SMS. However, I discovered that my token was faulty, and a one-time password (OTP) required to activate the 2FA could not be generated.
Initially, I was informed by the SingPass helpdesk that there was no way to access the SMS option unless I have activated my OneKey token. Only then would I be able to include my mobile phone number in my account. I was advised to wait for Assurity, the vendor for the token, to contact me and issue me with a new token.
Three days later, I received a call from Assurity that it would be able to include the SMS option in my SingPass account over the phone with me, and I could then activate it from the next working day.
Assurity also informed me that my OneKey token was actually registered for me by the Singapore Exchange (SGX) and that it had not included my mobile phone number at the point of registration.
If SGX did not have my mobile phone number, it should not have unilaterally registered the token on my behalf, with this potential ramification.
There are likely many people like me who have been issued their OneKey tokens by SGX and other service providers which have not included their clients' mobile phone numbers during registration.
This will prove a problem if, like me, their OneKey token malfunctions or if they have misplaced their token, thus rendering them unable to access the OneKey option, as well as the SMS option. Indeed, I was told by the Assurity staff that quite a few people have encountered similar problems.
Thus, it is advisable to log in early to set up the 2FA so as to resolve any problems before July when it becomes compulsory. I also hope the authorities will look into this issue, which was very time-consuming to resolve.
Maria Loh Mun Foong (Ms)