- POSTED: 05 Jun 2014 22:37
- UPDATED: 06 Jun 2014 14:06
The InfoComm Development Authority of Singapore is reviewing the use of NRIC numbers for SingPass user IDs, following unauthorised access to up to 1,560 SingPass accounts.
SINGAPORE: The Infocomm Development Authority of Singapore (IDA) says it is "refining" the SingPass system, a day after it revealed that it has filed a police report over unauthorised access to up to 1,560 SingPass accounts.
A statement from the IDA on Thursday (June 5) said: "As part of this continued effort to improve the system, we are also exploring further measures such as allowing users to set their own usernames in the new system instead of their NRIC numbers and two factor authentication (2FA) for e-government transactions, particularly for those involving sensitive data."
All affected users have been sent notification letters as of 7pm on Thursday.
"We would like to assure all users that the SingPass system was not compromised and the vast majority of over 3 million SingPass users are not affected by this incident," the IDA statement said.
The ICT regulator also said it is in the process of refining the SingPass system and users can look forward to an enhanced version in the third quarter of 2015.
Separately, the operator of SingPass has confirmed that there is a safety net against brute force attempts at unauthorised access. Crimson Logic says after six failed attempts to log into SingPass, you will be locked out.
To regain access, you would need the following:
- Mobile phone authentication, including answering two security questions
- Go down in person to any of the following locations - CPF service centres, Community Centres, the Inland Revenue Authority of Singapore (IRAS), and Accounting and Corporate Regulatory Authority - to reset the password
This implies that the unauthorised access may not have been a matter of people having weak passwords that could be easily guessed. Still, the Government and experts have advised users to set strong, complex passwords, to better protect their online accounts and personal data.
Said the IDA: "We encourage SingPass users to strengthen their passwords to ones that are alphanumeric with 8-24 characters, preferably with capital letters and symbols, to better protect their SingPass accounts."