Fingerprint, facial ID for SingPass authentication

The new SingPass Mobile app is available on both the Google Play and Apple App Store.
The new SingPass Mobile app is available on both the Google Play and Apple App Store.PHOTO: SCREENGRABS FROM SINGPASS MOBILE

New app uses biometric scanning to make systems safer; teething problems at launch

Singaporeans can now access e-government services simply by scanning their fingerprints or faces on smartphones, doing away with the need to memorise passwords.

The much-anticipated SingPass Mobile app, which comes with the latest biometric features, was launched yesterday, marking a milestone in Singapore's Smart Nation journey. It ran into immediate teething problems, with some users unable to log in, encountering an error message instead.

The Government Technology Agency (GovTech), which developed the app, then posted a notice on its Facebook page asking affected users to e-mail its helpdesk with details of their phone, to help troubleshoot the problem.

Glitches aside, observers said biometric scanning is a more secure mechanism than passwords, which can be cracked easily when people set those that are easy to guess or share them freely with friends.

Users also tend to forget their passwords. "Every month, we receive about 150,000 requests from SingPass users to reset their passwords," said Mr Kok Ping Soon, chief executive of GovTech. There are 3.3 million SingPass users here.

"The new SingPass Mobile app will offer a more convenient log-in option, as users no longer need to enter their passwords to log in," Mr Kok added.

The app will also benefit overseas Singaporeans, some of whom have had issues using the OneKey token.

The existing method of logging into e-government services using a SingPass username, password and one-time passwords delivered via SMS or generated by the OneKey token will continue to be offered as an option.

Meanwhile, SingPass Mobile is seen as a key component of Singapore's national digital identity framework, which seeks to secure not just e-government transactions, but also those in the private sector.

New uses include the secure digital signing of all sorts of confidential business and legal documents.

A QR code will also be built into SingPass Mobile, carrying one's name and identity card number, among other identification data, so that users need not carry their NRIC.

They will just need to scan the QR code when going to hospitals for their appointments or entering secured buildings.

GovTech subsidiary Assurity Trusted Solutions is administering the framework.

Assurity acts like a trusted notary to issue digital certificates to SingPass Mobile users to let every party in the transaction know who the valid users are and what their digital signatures look like.

According to evidence that emerged during the recent public hearing by the Committee of Inquiry looking into the SingHealth attack, hackers got a foot in the door via phishing, where users unknowingly give away confidential data.

Credentials stolen in phishing attacks will be useless when authentication is done via only biometrics.

As an added security function, the SingPass Mobile app locks itself down when it detects malicious software on the mobile device.

SEE TOP OF THE NEWS: S'pore on the right track in exploration of digital IDs

A version of this article appeared in the print edition of The Straits Times on October 23, 2018, with the headline 'Fingerprint, facial ID for SingPass authentication'. Print Edition | Subscribe